Blue Boar wrote:
To clarify, I'm talking about things like passing unfiltered user input
to a system shell, or a native API, something like that.
True. In the case of passing a user input string to the shell or a database
server, you're accepting what's potentially a program as input. However,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Blue Boar
Sent: 28 June 2004 21:35
To: Kenneth R. van Wyk
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code
Kenneth R. van Wyk wrote:
The article quotes SPI
FYI, a couple of announcements from SPI Dynamics and Ounce Labs hit eWeek.com
today -- see http://www.eweek.com/article2/0,1759,1617901,00.asp for the full
text.
According to the article, SPI Dynamics has released its SecureObjects
product, which is a series of (presumably) securely written