While I completely agree with this statement, it is a much tougher
sell to management that is seeking to keep the company making money
(or perhaps even alive). I believe that having (and using) an
imperfect tool is better than nothing, so I would at least push for
that. Getting things
That is certainly true. I was just commenting on the issue of systems
that work together tightly. None do now (as far as I know), but this
should potentially allow that to happen.
I did hear a few moans when this news came out, since IBM is not known
for inexpensiveness from what I
On 7/29/09 8:08 PM, silky michaelsli...@gmail.com wrote:
Of course it's a binary, it runs by itself, when there is a java vm
to run it. Just like you need a win32 vm to run a typical .exe.
You misunderstand the notion of virtual machines if you think of Win32 as a
virtual machine. There is
In a message dated July 30, 2009 10:09 AM EDT, Paco Hope wrote...
The Java Virtual Machine is a theoretical machine, and Java code is compiled
down to Java bytecode that runs on this theoretical machine. The Java VM is
the actual Windows EXE that runs on the real hardware. It reads these
Actually it's not vulnerable because the strings are escaped first. My point
is simply that using prepared statements would have been more robust than
escaping strings on the client side. I'm sorry I didn't make that clear, I'll
go edit my post now.
Thanks!
Pascal
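As an added illustration of Pascal's point (example code written for this page, not code from the original post or from the site under discussion): the lookup below is run three ways, with client-side escaping in the quote-doubling style, with client-side escaping in the backslash style, and with a bound parameter. The table, the sample names and the function names are all constructed for the example. Against SQLite the backslash-style escaper produces a syntax error for a name containing a quote and a silent miss for a name containing a backslash, because escaping rules are dialect-specific, whereas the bound parameter never touches the SQL text at all.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the thread).
SAMPLE_USERS = ["alice", "O'Brien", "back\\slash", "semi;colon"]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [(n,) for n in SAMPLE_USERS])
    conn.commit()
    return conn


def escape_quote_doubling(s):
    """Client-side escaping in the SQL-standard/SQLite style: '' inside a literal."""
    return "'" + s.replace("'", "''") + "'"


def escape_backslash(s):
    """Client-side escaping in the MySQL style: \\' and \\\\ inside a literal.
    This is the wrong rule for SQLite, where a backslash has no special meaning,
    so it stands in for 'escaping code written for one dialect and used on another'."""
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"


def lookup_concat(conn, name, escaper):
    """Build the statement by string concatenation, relying on the escaper."""
    sql = "SELECT id, name FROM users WHERE name = " + escaper(name)
    return conn.execute(sql).fetchall()


def lookup_bound(conn, name):
    """Use a placeholder: the value is bound by the driver, never spliced into SQL."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def compare(conn, name):
    """Run all three strategies and report matched names or the error class raised."""
    strategies = [
        ("doubling", lambda: lookup_concat(conn, name, escape_quote_doubling)),
        ("backslash", lambda: lookup_concat(conn, name, escape_backslash)),
        ("bound", lambda: lookup_bound(conn, name)),
    ]
    out = {}
    for label, run in strategies:
        try:
            out[label] = [row[1] for row in run()]
        except sqlite3.Error as exc:
            out[label] = "error: " + type(exc).__name__
    return out


if __name__ == "__main__":
    db = make_db()
    for user in SAMPLE_USERS:
        print(repr(user), compare(db, user))
```

The quote-doubling escaper happens to be correct for SQLite, which is the situation Pascal describes: not vulnerable, but only because the escaping code and the database dialect agree, and that agreement has to be re-verified every time either side changes. The bound-parameter lookup returns the right row for every sample name with no escaping logic to maintain.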
Kenneth Van Wyk wrote:
Something occurred to me last night as I pondered where this discussion's
tendrils are taking us.
A point I only made implicitly is this: The question for years has been
"conduct your SA on source code or binary?". You can see that there are
interesting subtleties in even those languages that
First, I generally agree that there are many factors that make the true and
factual fidelity of static analysis really REALLY difficult.
However, I submit that by debating this point, you're belaboring the correct
angle of survivable Neptunian atmospheric entry with people that don't
generally