At 11:35 AM -0400 5/14/07, Greg Beeley wrote:
> Agreed in concept to the "no second-class citizens" idea. But I think
> the test needs to have a language-specific element to it. Every language
> and environment has unique pitfalls and security considerations. A
> developer who knows to avoid memory management, buffer, and integer issues
> in C may have no clue about nul-poisoning in a web scripting language's
> counted (as opposed to zero-terminated) strings.

And they may have no need for that.
--
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________