Secure Coding mailing list archives

Interesting tidbit in iDefense Security Advisory 06.26.07

From: fw at deneb.enyo.de (Florian Weimer)
Date: Fri, 29 Jun 2007 09:56:07 +0200

* Kenneth Van Wyk:

1) the original author of the defect thought that s/he was doing
things correctly in using strncpy (vs. strcpy).

2) the original author had apparently been doing static source
analysis using David Wheeler's Flawfinder tool, as we can tell from
the comments.


This is not a first, BTW.  The Real folks have always been a bit
overzealous when adding those "Flawfinder: ignore" annotations:

<http://archive.cert.uni-stuttgart.de/vulnwatch/2005/03/msg00000.html>

Current thread:

Interesting tidbit in iDefense Security Advisory 06.26.07, (continued)
- - Interesting tidbit in iDefense Security Advisory 06.26.07 Paco Hope (Jun 26)
    - Interesting tidbit in iDefense Security Advisory 06.26.07 Steven M. Christey (Jun 26)
  - The Next Frontier McGovern, James F (HTSC, IT) (Jun 26)
    - The Next Frontier Paco Hope (Jun 27)
    - The Next Frontier ljknews (Jun 27)
    - The Next Frontier Steven M. Christey (Jun 27)
    - The Next Frontier McGovern, James F (HTSC, IT) (Jun 28)
- Interesting tidbit in iDefense Security Advisory 06.26.07 J. M. Seitz (Jun 26)
  - Interesting tidbit in iDefense Security Advisory 06.26.07 Leichter, Jerry (Jun 27)
    - Comparing Software Vendors McGovern, James F (HTSC, IT) (Jun 28)
- Interesting tidbit in iDefense Security Advisory 06.26.07 Florian Weimer (Jun 29)
- Interesting tidbit in iDefense Security Advisory 06.26.07 David A. Wheeler (Jun 28)
  - Interesting tidbit in iDefense Security Advisory 06.26.07 J. M. Seitz (Jun 28)
    - Interesting tidbit in iDefense Security Advisory 06.26.07 Leichter, Jerry (Jun 28)
    - Interesting tidbit in iDefense Security Advisory 06.26.07 David A. Wheeler (Jun 28)