Re: Ancient history
sci.crypt archive


From: Andrew Swallow <am.swallow@btopenworld.com>
Date: Mon Jun 13 2005 - 18:28:33 CEST

David Wagner wrote:

> Nick Maclaren wrote:
>
>>My experience (and that of many other people) is that the
>>majority of errors in real programs are of the sort that could not
>>be caught by a practical C bounds checker.
>
>
> I'll take a 20% reduction in security holes, even if it is not
> a majority.

A simple action is to add a statement saying, "Checks for
queue/buffer overflows shall be performed and an appropriate
recovery action performed."

The detailed requirements will probably need to specify which
recovery is to be taken. Different parts of the same program
may need to recover in different ways.

Andrew Swallow
Received on Thu Sep 29 21:43:34 2005
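
As an added illustration of the requirement proposed in the post above (not part of the original message), the following C sketch shows a bounded queue where the overflow check is always performed and the recovery action is chosen per queue. The names `ovf_policy`, `q_push`, `q_pop` and `first_after_overflow`, the capacity and the two policies are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

#define QCAP 4  /* constructed capacity for the example */

/* Hypothetical recovery actions a detailed requirement might name. */
enum ovf_policy { OVF_REJECT, OVF_DROP_OLDEST };

struct queue {
    int buf[QCAP];
    size_t head, count;       /* head indexes the oldest element */
    enum ovf_policy policy;   /* recovery action for this queue */
    unsigned long overflows;  /* overflow events, kept for monitoring */
};

/* Returns 0 if v was stored, -1 if the overflow policy refused it. */
int q_push(struct queue *q, int v)
{
    if (q->count == QCAP) {            /* the mandated overflow check */
        q->overflows++;
        if (q->policy == OVF_REJECT)
            return -1;                 /* caller must handle the refusal */
        q->head = (q->head + 1) % QCAP; /* OVF_DROP_OLDEST: make room */
        q->count--;
    }
    q->buf[(q->head + q->count) % QCAP] = v;
    q->count++;
    return 0;
}

/* Returns 0 and writes *out, or -1 if the queue is empty (underflow check). */
int q_pop(struct queue *q, int *out)
{
    if (q->count == 0)
        return -1;
    *out = q->buf[q->head];
    q->head = (q->head + 1) % QCAP;
    q->count--;
    return 0;
}

/* Push 1..6 into a QCAP-sized queue and return the first value popped. */
int first_after_overflow(enum ovf_policy p)
{
    struct queue q = { .policy = p };
    int v = 0;
    for (int i = 1; i <= 6; i++)
        q_push(&q, i);
    q_pop(&q, &v);
    return v;
}

int main(void)
{
    printf("reject keeps oldest: %d\n", first_after_overflow(OVF_REJECT));
    printf("drop-oldest keeps newest: %d\n", first_after_overflow(OVF_DROP_OLDEST));
    return 0;
}
```

Neither policy ever writes past `buf`; they differ only in which data survives, which is the per-component decision the detailed requirements would have to record.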