At 4:41 PM -0500 2/4/08, Steven M. Christey wrote:
> On Mon, 4 Feb 2008, Robert A. Martin wrote:
>> You still need to add to that issues that apply to all languages
>> versus these lists of language specific weaknesses and C and C++ have
>> significant overlap given their relationship.
> There is an important point to keep in mind when using the (current) CWE
> views.  Some weaknesses have been marked with an "All Languages" tag, even
> though they might be more prevalent in certain languages.  For example,
> format string problems can happen in any language that uses format strings
> ("%99999999s" to fill up disk or memory, anybody?), so it's marked with
> "All" and it's not in the C-specific view, even though there's a heavy
> concentration of format strings in C/C++.

It is marked as "All" ?

What is the construct in Ada that has such a risk ?
Larry Kilgallen
Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.

Reply via email to