Secure Coding mailing list archives
Re: Looking for good software security stats
From: "Greenarrow 1" <Greenarrow1 () msn com>
Date: Thu, 04 Mar 2004 15:25:33 +0000
At this site they have an Adobe PDF all about the below subject if anyone is interested in reading:

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci952377,00.html?track=NL-102&ad=477590

[Ed. That would be the new Hoglund and McGraw book. Oh, and (free) registration is required for the above site. KRvW]

Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflow

Buffer Overflow 101

The buffer overflow remains the crown jewel of attacks, and it is likely to remain so for years to come. Part of this has to do with the common existence of vulnerabilities leading to buffer overflow. If holes are there, they will be exploited. Languages that have out-of-date memory management capability such as C and C++ make buffer overflows more common than they should be. As long as developers remain unaware of the security ramifications of using certain everyday library functions and system calls, the buffer overflow will remain commonplace.

Regards,
George
Greenarrow1
InNetInvestigations-Forensics

----- Original Message -----
From: "Kenneth R. van Wyk" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 12:17 PM
Subject: [SC-L] Looking for good software security stats
Hi all,

I'm looking for published reports on software vulnerabilities with regard to the software development process. With a bit of googling, I've found some good starting points (e.g., www.securitytracker.com/learn/securitytracker-stats-2002.pdf), that provide stats on vulnerabilities by type.

I'm particularly interested in stats that provide insight into where in the software development process the vulnerabilities were introduced.

Anyone have some good citations to share?

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com