COBOL Exploits

[neumann at csl.sri.com (Peter G. Neumann)]

Searching through 
  http://www.csl.sri.com/neumann/illustrative.html
gives these COBOL-related RISKS items.  The initial 
character descriptors are defined there.  In the citations,

* R relates to RISKS (archives at risks.org)
* S relates to SIGSOFT Software Engineering Notes (archives at
    www.sigsoft.org/SEN/ although more recent items also in RISKS)

Vf  West Drayton ATC system bug found in 2-yr-old COBOL code (S 16 3, R 11 30)

\$fe IRS COBOL reprogramming delays; interest paid on over 1,150,000 refunds 
  (S 10 3:12)

S[H?] Election frauds, lawsuits, spaghetti code, same memory locations
used for multiple races simultaneously, undocumented GOTOs, COBOL
ALTER verb allowing self-modifying code, calls to undocumented/unknown
subroutines, bypassable audit trails (S 11 3); 
Report from the Computerized Voting Symposium, August 1986 (S 11 5)

Sie
Data transfer Excel-COBOL loses voter data in 2003 Greenville
  Mississippi election (R 22 95)

\$hi Man gets \$218 trillion phone bill (R 24 24); COBOL program? 
  (R 24 27,29,30,33)

f Discussion of date and century roll-over problems:
Fujitsu SRS-1050 ISDN display phones fail on two-digit month (10);
1401 one-character year field; COBOL improvements; IBM 360 (S 20 2:13)
  [See Fred Ballard and Walt Murray  (R 16 70 ff).]
  [Lots of stuff is relevant on COBOL's two-character year field
  and the entire Y2K saga.]