Firewall Wizards mailing list archives
RE: Buffer Overruns
From: sean.kelly () lanston com
Date: Tue, 21 Dec 1999 14:18:59 -0500
On Saturday, December 18, 1999 5:45 PM, Vin McLellan <vin () shore net> wrote:
> Is there something in the emergence of a popular Internet, or some other timely aspect in the industry's evolution, that has brought to light the vulnerabilities associated with buffer overruns in recent years? Maybe some shift in program design or programming engineering practice? What left so many of these vulnerabilities unexposed and their risks unappreciated for so many years?
Buffer overruns are traditionally one of the most common programmer errors. They're also one of the most common to slip through testing. I think the issue recently has been that they've been exposed as one of the first things to try if you're going to try to break a system, and with the explosion of hacking it's inevitable that the problems will be discovered. It's also the case that in the past few years companies have placed more emphasis on shipping a product than shipping a product that works. Programmers, on the average, are probably less skilled than 5 or 10 years ago and they're spending less time testing their code, because of deadlines. I would think that as time goes on these issues will become less and less common, because so much code is being done at a high-level now. C is the largest culprit for overruns; many other languages use dynamic data structures to store things like strings, which makes the likelihood of even being able to write code with an overrun much smaller or entirely impossible.

Sean