Secure Coding mailing list archives
Interesting tidbit in iDefense Security Advisory 06.26.07
From: fw at deneb.enyo.de (Florian Weimer)
Date: Fri, 29 Jun 2007 09:56:07 +0200
* Kenneth Van Wyk:
> 1) the original author of the defect thought that s/he was doing things correctly in using strncpy (vs. strcpy).
> 2) the original author had apparently been doing static source analysis using David Wheeler's Flawfinder tool, as we can tell from the comments.
This is not a first, BTW. The Real folks have always been a bit overzealous when adding those "Flawfinder: ignore" annotations: <http://archive.cert.uni-stuttgart.de/vulnwatch/2005/03/msg00000.html>
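
An added illustration, not code from the advisory or from either poster: a constructed C sketch of a strncpy call that is bounded yet leaves the buffer unterminated while a "Flawfinder: ignore" annotation suppresses the warning, beside a checked variant. The function names, buffer size and sample input are hypothetical; the page does not show the advisory's actual code.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 8  /* constructed destination size for the demo */

/* Pattern 1 (weak): the bound equals the destination size, so nothing is
 * written out of bounds, but strncpy() writes no NUL when
 * strlen(src) >= n. The annotation silences the scanner without making
 * the call correct. Returns 1 if dst is terminated, 0 if it is not. */
int copy_name_annotated(char dst[NAME_MAX_LEN], const char *src)
{
    strncpy(dst, src, NAME_MAX_LEN); /* Flawfinder: ignore */
    /* Look for a terminator strictly inside dst's own bounds. */
    return memchr(dst, '\0', NAME_MAX_LEN) != NULL;
}

/* Pattern 2 (hardened): always terminates and reports truncation.
 * Returns 0 on success, -1 on bad arguments or if src did not fit. */
int copy_name_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);   /* keep what fits */
        dst[dst_size - 1] = '\0';         /* terminate explicitly */
        return -1;                        /* caller must handle truncation */
    }
    memcpy(dst, src, len + 1);            /* includes the terminator */
    return 0;
}

int main(void)
{
    char a[NAME_MAX_LEN], b[NAME_MAX_LEN];
    const char *input = "constructed-long-name"; /* constructed sample */

    printf("annotated: terminated=%d\n", copy_name_annotated(a, input));
    printf("checked:   rc=%d value=\"%s\"\n",
           copy_name_checked(b, sizeof b, input), b);
    return 0;
}
```

Flawfinder's `--neverignore` option reports hits even on lines carrying such an annotation, which gives reviewers a way to re-audit suppressed calls.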