I was recently looking at some code to do regular expression matching,
when it occurred to me that one can produce fairly small regular
expressions that require huge amounts of space and time. There's
nothing in the slightest bit illegal about such regexps - it's just
inherent in regular
| Date: Mon, 5 Jun 2006 16:50:17 -0400
| From: McGovern, James F (HTSC, IT) [EMAIL PROTECTED]
| To: sc-l@securecoding.org
| Subject: [SC-L] Comparing Scanning Tools
|
| The industry analyst take on tools tends to be slightly different than
| software practitioners at times. Curious if anyone has
On Mon, 5 Jun 2006, David A. Wheeler wrote:
| ... One reason is that people can get degrees in
| Computer Security or Software Engineering without knowing how to
| develop software that receives hostile data. Even the
| Software Engineering Body of Knowledge essentially
| omits security issues (a
| Kevin is correct, a type confusion attack will allow the bypass of the
| security manager simply because via a type confusion attack you will be
| able to change what the security manager is 'seeing'
|
| So in an environment where you have a solid Security Policy (enforced by a
|