From owner-freebsd-chat Thu May 13 9:29:35 1999
Message-Id: <4.2.0.37.19990513102444.04697e40@localhost>
Date: Thu, 13 May 1999 10:27:53 -0600
To: chris@calldei.com
From: Brett Glass
Subject: Re: BSD, GPL, the world today. (fwd)
Cc: Jamie Bowden, chat@FreeBSD.ORG
In-Reply-To: <19990513112210.A19394@holly.dyndns.org>
References: <4.2.0.37.19990513095524.04429440@localhost>

At 11:22 AM 5/13/99 -0500, Chris Costello wrote:

> The solution to the problem of 'Black Hats' exploiting open
> source software before 'White Hats' can fix it is to learn how to
> code properly.

The problem is that open source is a volunteer effort, and skills vary
widely. The tools must be built so as to prevent the errors from occurring
in the first place, at least inasmuch as possible. There SHOULD NOT BE
an sprintf() function in the C library, for example. In fact, I'll go
farther and say that strings and arrays terminated by sentinels should
be removed from computer languages.

> If they did enough testing (I believe buffer
> overflow, formatting "bugs", etc), the problem would be much
> smaller.

Quality must be built in, not tested in.

--Brett Glass
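
An added illustration of the two points raised in the message above (not code from the thread or from FreeBSD): a counted string with a bounded formatted append, as an alternative to calling sprintf() on a sentinel-terminated buffer. The names `struct cstr`, `cstr_init` and `cstr_appendf`, the 16-byte capacity and the sample values are assumptions of this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Counted string: the length travels with the data, so no code has to
   scan for a terminating sentinel. (Hypothetical type for this example.) */
struct cstr {
    size_t len;      /* bytes in use */
    size_t cap;      /* bytes available in buf */
    char   buf[16];
};

void cstr_init(struct cstr *s) { s->len = 0; s->cap = sizeof s->buf; }

/* Append formatted text. Returns 0 on success, -1 if the result would not
   fit or formatting failed; on failure the string is left unchanged. */
int cstr_appendf(struct cstr *s, const char *fmt, ...)
{
    char tmp[sizeof s->buf + 1];   /* scratch space: capacity plus the NUL */
    va_list ap;
    int n;

    va_start(ap, fmt);
    /* vsnprintf never writes past sizeof tmp and returns the length the
       complete output needs, so truncation is detectable. */
    n = vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n > s->cap - s->len)
        return -1;                 /* reject instead of overflowing */
    memcpy(s->buf + s->len, tmp, (size_t)n);
    s->len += (size_t)n;
    return 0;
}

int main(void)
{
    struct cstr s;
    cstr_init(&s);
    /* Constructed sample values. */
    printf("%d\n", cstr_appendf(&s, "user=%s", "brett"));
    printf("%d\n", cstr_appendf(&s, ";host=%s", "lariat.lariat.org"));
    printf("%.*s (%zu bytes)\n", (int)s.len, s.buf, s.len);
    return 0;
}
```

The oversized second append is refused and the stored string is untouched, where the same two sprintf() calls into a 16-byte array would have written past its end.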