On 11/26/2010 10:28, Bruno Medeiros wrote: > Yes, Walter's statement that it is impossible for a null pointer to > cause a security vulnerability is (likely) incorrect. > But his point at large, considering the discussion that preceded the > comment, was that null pointers are utterly insignificant with regards > to security vulnerabilities.
I really hate this way of thinking. Security vulnerabilities are binary - either they exist or they don't. Every security vulnerability seems minor until it is exploited. Yes, some security vulnerabilities are more likely to be exploited than others. But instead of rationalizing about how significant each individual security vulnerability is, isn't it better to just fix all of them? (I know, I'm a hopeless idealist.) -- Rainer Deyke - [email protected]
