The Revenge of Buffer Overflows

Alejandro Tejada capellan2000 at gmail.com
Wed Apr 9 17:58:47 EDT 2014


Richard Gaskin wrote
> Scott Raney's opinion on buffer overflows:
> <https://www.mail-archive.com/

> metacard at .runrev

> /msg02659.html>

Many thanks for posting this message from Scott Raney.
>From this message, I found the Top 25 software errors:
http://www.sans.org/top25-software-errors/

And Buffer Overflows is at the top in his category:
Risky Resource Management

http://cwe.mitre.org/top25/index.html#CWE-120

This incident just generates more questions:

Who made this specific change in the OpenSSL code?
Did he actually knew the consequences of the
changes that he committed?
Why nobody else noticed, until now?
Who knows what evil lurks in the source of trusted software?

Al






--
View this message in context: http://runtime-revolution.278305.n4.nabble.com/The-Revenge-of-Buffer-Overflows-tp4678133p4678137.html
Sent from the Revolution - User mailing list archive at Nabble.com.




More information about the Use-livecode mailing list