* Kenneth Van Wyk:

> 1) the original author of the defect thought that s/he was doing
> things correctly in using strncpy (vs. strcpy).

> 2) the original author had apparently been doing static source
> analysis using David Wheeler's Flawfinder tool, as we can tell from
> the comments.

This is not a first, BTW.  The Real folks have always been a bit
overzealous when adding those "Flawfinder: ignore" annotations:

Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to