ISS, McAfee, and Cisco are all selling or are about to start selling products with "buffer overflow protection".
And that can do a dandy job of stopping a large class of problems. It won't help you with other issues -- not all vulnerabilities are stack/buffer overflows. Some are just dumb design/poor programming. E.g. sanitizing parameters supplied to a CGI, or SSH attacks on dumb passwords, SQL injection tricks, etc.
The ideal of being able to catch a vulnerability the moment or as soon as it is manifested is just an ideal. Anyone who says they can do so is misleading at best.
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
