The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.
[EMAIL PROTECTED] (Paul Gilmartin) writes:
> Much of this is due to the reliance on null-terminated strings, which
> are not peculiar to C, but are rooted in the UNIX continuum between
> applications programming and systems programming.

i've actually had this discussion with some of the people involved, null allowed for one byte overhead for arbitrary lengths ... somewhat the y2k phenomena ... as opposed to the two byte explicit length overhead (for up to 64k).

x-over post on the subject from today in another fora
http://www.garlic.com/~lynn/2007l.html#11 John W. Backus, 82, Fortran developer, dies

lots of posts on the subject of exploits/failures related to the characteristic
http://www.garlic.com/~lynn/subintegrity.html#overflow

i had been monitoring some of the statistics thru the 90s ... but more recently there were much fewer ... so i had to do some analysis myself ... looking at some of the exploit databases. part of the problem (that I complained about) was that many of the descriptions were somewhat freeform and could be ambiguous ... which i complained about a number of times. there were some more recent announcements that they would be attempting to better classify/categorize exploits.

old posts with some attempts at classification/categorization based on analysis of some of the exploit databases
http://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
http://www.garlic.com/~lynn/2004j.html#58 Vintage computers are better than modern crap !
http://www.garlic.com/~lynn/2005c.html#32 [Lit.] Buffer overruns

and this one mentions an article in early 2005 quoting a NIST study that came up with similar statistics that I had come up with nearly a year earlier:
http://www.garlic.com/~lynn/2005b.html#43 [Lit.] Buffer overruns

note part of the mentioned efforts was in support of my merged security taxonomy and glossary ... some notes here:
http://www.garlic.com/~lynn/index.html#glosnote

past posts in this thread:
http://www.garlic.com/~lynn/2007k.html#65 Non-Standard Mainframe Language?
http://www.garlic.com/~lynn/2007k.html#67 Non-Standard Mainframe Language?
http://www.garlic.com/~lynn/2007k.html#73 Non-Standard Mainframe Language?
http://www.garlic.com/~lynn/2007k.html#74 Non-Standard Mainframe Language?
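
The trade-off named in the post (a one-byte terminator versus a two-byte explicit length, up to 64k), as an added C example that is not part of the original post. The `cs_*` and `z_copy` names and the big-endian prefix layout are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Counted string (assumed layout): two-byte big-endian length, then the data
 * bytes, no terminator. Overhead is 2 bytes; maximum data length is 65535. */
size_t cs_len(const unsigned char *cs) { return ((size_t)cs[0] << 8) | cs[1]; }

/* Store n bytes into dst, whose total capacity (prefix included) is dst_cap.
 * Returns 0 on success, -1 if the data cannot fit; dst is untouched on failure. */
int cs_set(unsigned char *dst, size_t dst_cap, const void *src, size_t n)
{
    if (n > 0xFFFF || dst_cap < 2 || n > dst_cap - 2)
        return -1;
    dst[0] = (unsigned char)(n >> 8);
    dst[1] = (unsigned char)(n & 0xFF);
    memcpy(dst + 2, src, n);
    return 0;
}

/* Copy one counted string to another: the source length is read from the
 * prefix before any data is touched, so the bounds check is constant time. */
int cs_copy(unsigned char *dst, size_t dst_cap, const unsigned char *src)
{
    return cs_set(dst, dst_cap, src + 2, cs_len(src));
}

/* NUL-terminated counterpart: 1 byte of overhead, but the length is only
 * known after scanning for the terminator, and the data cannot contain 0. */
int z_copy(char *dst, size_t dst_cap, const char *src)
{
    size_t n = strlen(src);          /* relies on the terminator being present */
    if (n + 1 > dst_cap)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    unsigned char a[8], b[4];
    char z[4];
    cs_set(a, sizeof a, "abc\0de", 6);      /* constructed sample with embedded NUL */
    printf("counted length %zu, strlen sees %zu\n", cs_len(a), strlen((char *)a + 2));
    printf("copy into 4-byte buffer: %d\n", cs_copy(b, sizeof b, a));
    printf("z_copy of 4 chars into 4 bytes: %d\n", z_copy(z, sizeof z, "abcd"));
    return 0;
}
```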