Secure Coding mailing list archives

Re: Looking for good software security stats


From: "Greenarrow 1" <Greenarrow1 () msn com>
Date: Thu, 04 Mar 2004 15:25:33 +0000

At this site they have an Adobe PDF all about the below subject if anyone is
interested in reading:

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci952377,00.html?track=NL-102&ad=477590

[Ed. That would be the new Hoglund and McGraw book.  Oh, and (free) 
registration is required for the above site. KRvW]

Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflow

Buffer Overflow 101
The buffer overflow remains the crown jewel of attacks, and it is likely to
remain so for years to come. Part of this has to do with the common
existence of vulnerabilities leading to buffer overflow. If holes are there,
they will be exploited. Languages that have out-of-date memory management
capability such as C and C++ make buffer overflows more common than they
should be. As long as developers remain unaware of the security
ramifications of using certain everyday library functions and system calls,
the buffer overflow will remain commonplace.

Regards,
George
Greenarrow1
InNetInvestigations-Forensics

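The excerpt above names the root cause ("everyday library functions" that copy with no regard for the destination size) without showing what the fix looks like in code. The following C program is an added example written for this archive page; it is not from the Hoglund and McGraw book or from either poster. It contrasts the classic unbounded strcpy() pattern (left as a comment, since calling it with an oversized input is undefined behaviour) with a bounded copy that always NUL-terminates and reports truncation, plus a pre-check a caller can run before copying. Buffer size, function names and the sample inputs are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16  /* constructed fixed-size destination buffer */

/* The pattern the excerpt warns about: strcpy() copies until it finds a NUL
 * in the source and never consults the destination size. Shown only as a
 * comment for contrast; with a source longer than NAME_LEN - 1 it writes
 * past the end of dst.
 *
 *   void copy_name_unsafe(char *dst, const char *src) { strcpy(dst, src); }
 */

/* Pre-check: returns 1 if copying src into a buffer of dstsize bytes would
 * overflow it (no room for the terminating NUL), 0 otherwise. */
int would_overflow(size_t dstsize, const char *src)
{
    if (src == NULL || dstsize == 0)
        return 1;
    return strlen(src) >= dstsize;
}

/* Bounded replacement: copies at most dstsize - 1 bytes and always
 * NUL-terminates. Returns 1 if the whole source fit, 0 if it was truncated
 * (or the arguments were invalid); callers should treat 0 as an error
 * rather than silently continuing with a clipped value. */
int copy_name_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t srclen;

    if (dst == NULL || src == NULL || dstsize == 0)
        return 0;
    srclen = strlen(src);
    if (srclen >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, srclen + 1);  /* +1 copies the terminating NUL */
    return 1;
}

/* Exercises both paths on constructed inputs; returns 1 when the bounded
 * copy behaves as documented for a short and an oversized source. */
int demo(void)
{
    char name[NAME_LEN];
    const char *short_in = "alice";                                   /* constructed */
    const char *long_in = "this-name-is-far-too-long-for-the-buffer"; /* constructed */
    int fit_short, fit_long, short_matches, long_clipped;

    fit_short = copy_name_bounded(name, sizeof name, short_in);
    short_matches = strcmp(name, "alice") == 0;

    fit_long = copy_name_bounded(name, sizeof name, long_in);
    long_clipped = strlen(name) == NAME_LEN - 1;  /* clipped, still terminated */

    return fit_short && short_matches && !fit_long && long_clipped;
}

int main(void)
{
    printf("bounded copy check: %s\n", demo() ? "ok" : "FAILED");
    return 0;
}
```

The point for a code reviewer is the return value: a bounded copy that signals truncation lets the caller reject oversized input, whereas strcpy() gives no signal at all and the overflow happens silently.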

----- Original Message -----
From: "Kenneth R. van Wyk" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 12:17 PM
Subject: [SC-L] Looking for good software security stats

Hi all,

I'm looking for published reports on software vulnerabilities with regard to
the software development process.  With a bit of googling, I've found some
good starting points (e.g.,
www.securitytracker.com/learn/securitytracker-stats-2002.pdf), that provide
stats on vulnerabilities by type.  I'm particularly interested in stats that
provide insight into where in the software development process the
vulnerabilities were introduced.

Anyone have some good citations to share?

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com
