At 1:10 PM -0400 6/8/04, Jose Nazario wrote:
>thought some of you may find this editorial from the May 04 ACM Queue
>worth a read. ACM Queue is an interesting magazine and has a website at
>acmqueue.org.
>
>Buffer Overrun Madness
>
>ACM Queue vol. 2, no. 3 - May 2004
>by Rodney Bates, Wichita State University
>
>Why do good programmers follow bad practices?
>
>In January 2003, the Slammer worm was reported to be the fastest spreading
>ever. Slammer gets access by exploiting a buffer overrun. If you peruse
>CERT (Computer Emergency Readiness Team) advisories or security upgrade
>releases, you will see that the majority of computer security holes are
>buffer overruns. These would be minor irritations but for the world's
>addiction to the weakly typed programming languages C and its derivative
>C++.

And yet this mailing list, supposedly devoted to secure coding,
seems polarized around the notion of shoring up those languages.

