[SC-L] Opinions on strcpy_s, strcat_s, etc.?

2004-09-02 Thread Jared W. Robinson
Who's had experience using the new strcpy_s, etc. functions? What are your opinions?

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure03102004.asp
http://std.dkuug.dk/jtc1/sc22/wg14/www/docs/n1031.pdf

- Jared

Re: [SC-L] Book review - Threat Modeling

2004-08-19 Thread Jared W. Robinson
While the book does have useful information, I'd also encourage people to read NIST publication 800-30 Risk Management Guide for Information Technology Systems. I'd like it if the authors of Threat Modeling had learned a few things from that document -- it would have helped them improve their book

Re: [SC-L] opinion, ACM Queue: Buffer Overrun Madness

2004-06-10 Thread Jared W. Robinson
On Wed, Jun 09, 2004 at 03:34:52PM +0100, David Crocker wrote:

Apart from the obvious solution of choosing another language, there are at least two ways to avoid these problems in C++:

1. Ban arrays (to quote Marshall Cline's C++ FAQ Lite, arrays are evil!). Use classes from the STL, or