The good old buffer-overflow remains popular


re: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci912661,00.html

"The hundreds of new vulnerabilities discovered each month could leave system administrators' heads spinning, but a new list by Internet Security Systems Inc. will offer some guidance on the issue. Dubbed the Catastrophic Risk Index (CRI), the list includes 31 exploitable vulnerabilities that companies should focus on.  ... Of the 31 flaws on the CRI, 29 are buffer overflows."

Again I suggest that the "vulnerability" is not the next buffer-overflow flaw, but the fact that we continue to market products that do not address known software development problems.

Cheers anyway :-)
Gary

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************


