At 1:10 PM -0400 6/8/04, Jose Nazario wrote:
thought some of you may find this editorial from the May 04 ACM Queue
worth a read. ACM Queue is an interesting magazine and has a website at
Buffer Overrun Madness
ACM Queue vol. 2, no. 3 - May 2004
by Rodney Bates, Wichita State University
Why do good programmers follow bad practices?
In January 2003, the Slammer worm was reported to be the fastest spreading
ever. Slammer gets access by exploiting a buffer overrun. If you peruse
CERT (Computer Emergency Readiness Team) advisories or security upgrade
releases, you will see that the majority of computer security holes are
buffer overruns. These would be minor irritations but for the world's
addiction to the weakly typed programming languages C and its derivative
And yet this mailing list, supposedly devoted to secure coding,
seem polarized around the notion of shoring up those languages.