Secure Coding mailing list archives

BSIMM: Confessions of a Software Security Alchemist (informIT)


From: ljknews at mac.com (ljknews)
Date: Sat, 21 Mar 2009 09:11:05 -0400

At 11:41 PM -0400 3/20/09, Gary McGraw wrote:

once long ago I spilt a bottle of wine with dan geer

we argued for hours about whether a buffer overflow was
a bug or a flaw.  if you find one in a code pile (say,
caused by a local variable on the stack and a gets call),
it is a bug.  Or is it a flaw that the C stack grows in
an incredibly stupid way?

That reasoning has a bit of not being able to see the forest
for the trees.

The root problem (and I do not care about the terminology)
is that the C programming language promotes the use of
uncounted strings.
-- 
Larry Kilgallen
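The "uncounted strings" point above, as an added example that is not part of the thread: a minimal counted-string type in C whose capacity travels with the data, so the bound is checked by the type's own functions rather than trusted to each caller the way a gets() into a local array is. The type name, BUF_CAP and the function names are assumptions made for this illustration.

```c
/* Added example, not from the thread: a counted string in C.
 * The uncounted convention (NUL-terminated char array, length known
 * only to whoever wrote into it) is what lets an unchecked line read
 * run past a stack buffer; here the length and capacity are part of
 * the object, so every write is bounds-checked. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define BUF_CAP 16   /* assumed fixed capacity, e.g. a local on the stack */

typedef struct {
    char   data[BUF_CAP];  /* storage; not NUL-terminated, len is authoritative */
    size_t len;            /* bytes in use, invariant: len <= BUF_CAP */
} counted_str;

/* Replace contents with n bytes from src. Returns false and leaves dst
 * unchanged when the input would not fit. */
static bool cstr_set(counted_str *dst, const char *src, size_t n) {
    if (n > BUF_CAP) return false;
    memcpy(dst->data, src, n);
    dst->len = n;
    return true;
}

/* Append n bytes from src; same contract. The comparison is written as
 * n > capacity - len (never len + n > capacity) so it cannot wrap. */
static bool cstr_append(counted_str *dst, const char *src, size_t n) {
    if (n > BUF_CAP - dst->len) return false;
    memcpy(dst->data + dst->len, src, n);
    dst->len += n;
    return true;
}

/* The "read a line into a local array" pattern from the thread, with
 * the bound enforced. input is a constructed in-memory line rather
 * than stdin so the example runs offline. Returns the bytes stored,
 * or (size_t)-1 when the line is longer than the buffer, which is the
 * case an uncounted gets() would silently write past the array. */
static size_t read_line_bounded(counted_str *dst, const char *input) {
    size_t n = strcspn(input, "\n");   /* line length without the newline */
    return cstr_set(dst, input, n) ? n : (size_t)-1;
}
```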

