Date:      Tue, 21 Jul 1998 13:18:31 -0600
From:      Brett Glass <brett@lariat.org>
To:        Martin Cracauer <cracauer@bik-gmbh.de>, security@FreeBSD.ORG
Subject:   Re: Projects to improve security (related to C)
Message-ID:  <199807211918.NAA15306@lariat.lariat.org>
In-Reply-To: <19980721153715.A714@bik-gmbh.de>
References:  <v04011703b1d98657693f@[128.113.24.47]> <199807201732.LAA20377@lariat.lariat.org> <Pine.BSI.3.96.980720142915.6556A-100000@anchovy.orem.iserver.com> <v04011703b1d98657693f@[128.113.24.47]>

At 03:37 PM 7/21/98 +0200, Martin Cracauer wrote:

>If some person isn't capable or willing to avoid buffer overflows in C
>(as I said, one of the easier solvable security problems), he/she
>probably doesn't have a clue or doesn't care about other problems as
>well. So don't run the code. You might even use the easily reviewable
>bounds issue to judge over the code. If he/she didn't get that one
>right, you know what you will get. If it's written in Java, you don't
>have such an easy indicator.

Sorry, but I don't buy the notion that the possibility of SOME bugs
is an excuse to let more of them slip by. That's like saying, "So
what if the Ford Pinto blows up when hit in the rear? If we fixed
that, we wouldn't suspect that the car's radio was designed badly."

--Brett
