At 9:16 PM +0100 11/1/07, Johan Peeters wrote:
> I think this could do a great service to the community.
>
> Recently I was hired by a major financial institution as a lead
> developer. They said they needed me for some Java applications, but it
> turns out that the majority of code is in COBOL. As I have never
> before been anywhere near COBOL, this comes as a culture shock. I was
> surprised at the paucity of readily available information on COBOL
> vulnerabilities, yet my gut feeling is that there are plenty of
> security problems lurking there. Since so much of the financial
> services industry is powered by COBOL, I would have thought that
> someone would have done a thorough study of COBOL's security posture.
> I certainly have not found one. Anyone else?

Can anyone point to stories about Cobol exploits? I mean exploits that have to do with the nature of the language, not social engineering attacks that happened to take place against a Cobol shop. My limited exposure to Cobol makes me think it is as unlikely to have a buffer overflow as PL/I or Ada.
--
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________