der Mouse (Maus surely?) wrote
[snip]
Well, actually, but for the world's addiction to sloppy coding.
It's entirely possible to avoid buffer overflows in C; it just requires
a little care in coding. C's major failing in this regard - and I
don't actually consider it all that major - is
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of Blue Boar
Sent: 28 June 2004 21:35
To: Kenneth R. van Wyk
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code
Kenneth R. van Wyk wrote:
The article quotes SPI
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of Blue Boar
Sent: 01 July 2004 21:03
To: ljknews
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L] ACM Queue article and security education
ljknews wrote:
I think it will be properly considered when the
-Original Message-
From: Blue Boar [mailto:[EMAIL PROTECTED]
Sent: 01 July 2004 17:11
To: Peter Amey
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L] ACM Queue article and security education
Peter Amey wrote:
There are languages which are more suitable for the construction
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of Crispin Cowan
Sent: 07 July 2004 23:29
To: ljknews
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L] Education and security -- another perspective (was
ACM Queue - Content)
ljknews wrote:
What is
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of der Mouse
Sent: 08 July 2004 03:47
To: [EMAIL PROTECTED]
Subject: Re: [SC-L] Education and security -- another perspective (was
ACM Queue - Content)
I see both of you willing to mandate the
-Original Message-
From: Crispin Cowan [mailto:[EMAIL PROTECTED]
Sent: 09 July 2004 04:27
To: Peter Amey
Cc: ljknews; [EMAIL PROTECTED]
Subject: Re: [SC-L] Education and security -- another perspective (was
ACM Queue - Content)
Peter Amey wrote:
What is wrong
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of ljknews
Sent: 12 July 2004 14:24
To: [EMAIL PROTECTED]
Subject: Re: [SC-L] Programming languages used for security
At 3:55 PM -0700 7/10/04, Crispin Cowan wrote:
However, I think I do see a
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of der Mouse
Sent: 12 April 2005 05:15
To: SC-L@securecoding.org
Subject: Re: [SC-L] Theoretical question about vulnerabilities
[B]uffer overflows can always be avoided, because if there is ANY input
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tim Hollebeek
Sent: 30 August 2006 18:23
To: 'Wall, Kevin'; SC-L@securecoding.org
Subject: Re: [SC-L] How can we stop the spreading insecure
coding examples at training classes, etc.?
Really,
[snip]
Isn't the whole basis of Spark a matter of adding proof
statements in the comments ? I don't think the general
compiler marketplace would go for that built-in to compilers.
After all:
1. The Praxis implementation can be used with multiple compilers
2. The
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: 02 January 2007 14:20
To: Secure Coding
Subject: Re: [SC-L] Compilers
At 2:18 PM + 1/2/07, Peter Amey wrote:
[snip]
We think so! However, like everything else
criteria. I guess at some level, choosing any tool will move the needle,
but investments really should be longer term.
[PNA]
Agreed
Peter
Peter Amey BSc ACGI
other cases.
Buffer overflows are the square windows of secure software: we shouldn't
be /scanning/ for them but using languages and tools that /prevent/
their introduction.
Regards
Peter
Peter Amey BSc ACGI CEng CITP MRAes FBCS
CTO
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wall, Kevin
Sent: 24 May 2007 12:45
To: McGovern, James F (HTSC, IT)
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] Tools: Evaluation Criteria
James McGovern wrote...
Maybe folks are still
15 matches