Buffer overruns (was: Secure Voting software)
Cameron Laird
claird at lairds.com
Thu Jan 22 17:40:31 EST 2004
In article <7xvfn4lq9m.fsf at ruckus.brouhaha.com>,
Paul Rubin <http://phr.cx@NOSPAM.invalid> wrote:
.
.
.
>Buffer overruns are just one narrow type of security failure.
.
.
.
Yes and no. Yes, a security audit needs to consider at least hundreds
of distinct categories of technical hazards, and buffer overruns are
just one of these, and arguably not the riskiest. HOWEVER, we make up
for that with the frequency with which we do them; that is, although
all the analysis buffer overruns require was available at least twenty
years ago, it remains, in my experience, much the most frequent
identifiable security-pertinent fault our industry writes in, day
after day. We sure look dumb.
'Course, that's certainly not the fault of Python folk.
--
Cameron Laird <claird at phaseit.net>
Business: http://www.Phaseit.net