At 8:45 AM -0500 12/30/06, Leichter, Jerry wrote:
[MJoderator: This is likely beyond the point of general interest to sc-l]
Actually, I disagree, in that it seems to expose a set of vulnerabilities
not known even to language implementors.
On Fri, 29 Dec 2006, ljknews wrote:
| But these are
CCC was amazing, and here is the video for one of the lectures.
http://video.google.com/videoplay?docid=-5897236579900914407q=23c3
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc -
[MJoderator: This is likely beyond the point of general interest to sc-l]
On Fri, 29 Dec 2006, ljknews wrote:
| Date: Fri, 29 Dec 2006 20:49:01 -0500
| From: ljknews [EMAIL PROTECTED]
| To: sc-l@securecoding.org
| Subject: Re: [SC-L] temporary directories
|
| At 6:56 PM -0500 12/29/06,
I gather you are saying that the innards of Unix will force creation
of an unwanted directory entry on the Ada implementation of the required
null name support for packagename.CREATE . The Ada implementation
could rely on exclusive access to the file (surely Unix has that, right?)
You can
At 5:11 PM +0100 12/30/06, Florian Weimer wrote:
I gather you are saying that the innards of Unix will force creation
of an unwanted directory entry on the Ada implementation of the required
null name support for packagename.CREATE . The Ada implementation
could rely on exclusive access to
At 2:18 PM + 1/2/07, Peter Amey wrote:
[snip]
Isn't the whole basis of Spark a matter of adding proof
statements in the comments ? I don't think the general
compiler marketplace would go for that built-in to compilers.
After all:
1. The Praxis implementation can be used
[snip]
Isn't the whole basis of Spark a matter of adding proof
statements in the comments ? I don't think the general
compiler marketplace would go for that built-in to compilers.
After all:
1. The Praxis implementation can be used with multiple compilers
2. The
I think my perspective is not just about overlap in terms of an abstract syntax
tree but more in terms of usability. Security warnings should appear inline
with other types of warnings from a developers perspective. When the
information is presented separately, it will be an opportunity to
I read a recent press release in which a security vendor (names removed to both
protect the innocent along with the fact that it doesn't matter for this
discussion ) partnered with a prominent outsourcing firm. The press release was
carefully worded but if you read into what wasn't said, it was
Florian Weimer:
I gather you are saying that the innards of Unix will force creation
of an unwanted directory entry on the Ada implementation of the required
null name support for packagename.CREATE . The Ada implementation
could rely on exclusive access to the file (surely Unix has that,
At 9:46 AM -0500 1/2/07, McGovern, James F (HTSC, IT) wrote:
I read a recent press release in which a security vendor (names removed
to both protect the innocent along with the fact that it doesn't matter
for this discussion ) partnered with a prominent outsourcing firm. The
press release was
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: 02 January 2007 14:20
To: Secure Coding
Subject: Re: [SC-L] Compilers
At 2:18 PM + 1/2/07, Peter Amey wrote:
[snip]
We think so! However, like everything else, it is
| ...P.S. Please watch for the unfortunate word wrap in the URL of my
| original post. The broken link still works but goes to thw wrong place!
Now, *there's* an interesting hazard! One can imagine some interesting
scenarios where this could be more than unfortunate. At the least,
it could be
13 matches
Mail list logo