* Kenneth Van Wyk: > 1) the original author of the defect thought that s/he was doing > things correctly in using strncpy (vs. strcpy).
> 2) the original author had apparently been doing static source > analysis using David Wheeler's Flawfinder tool, as we can tell from > the comments. This is not a first, BTW. The Real folks have always been a bit overzealous when adding those "Flawfinder: ignore" annotations: <http://archive.cert.uni-stuttgart.de/vulnwatch/2005/03/msg00000.html> _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
