Re: [SC-L] Interesting article on the adoption of Software Security

2004-06-10 Thread Crispin Cowan
Damir Rajnovic wrote: While this is true that only some of the bugs are fixed that fixing can have unexpectedly high price tag attached. No matter how do you look at this it _is_ cheaper to fix bugs as soon as possible in the process (or not introduce them at the first place). This is true in

Re: [SC-L] opinion, ACM Queue: Buffer Overrun Madness

2004-06-10 Thread Jared W. Robinson
On Wed, Jun 09, 2004 at 03:34:52PM +0100, David Crocker wrote: Apart from the obvious solution of choosing another language, there are at least two ways to avoid these problems in C++: 1. Ban arrays (to quote Marshall Cline's C++ FAQ Lite, arrays are evil!). Use classes from the STL, or