Re: Ancient history

sci.crypt archive

From: Nick Maclaren <nmm1@cus.cam.ac.uk>
Date: Mon Jun 13 2005 - 18:43:47 CEST

In article <d8kc7h$rat$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com>,
Andrew Swallow <am.swallow@btopenworld.com> wrote:
>David Wagner wrote:
>> Nick Maclaren wrote:
>>
>>>My experience (and that of many other people) is that the
>>>majority of errors in real programs are of the sort that could not
>>>be caught by a practical C bounds checker.
>>
>> I'll take a 20% reduction in security holes, even if it is not
>> a majority.
>
>A simple action is to add a statement saying, "Checks for
>queue/buffer overflows shall be performed and an appropriate
>recovery action performed."

Even if that causes a 30% incidence of valid programs failing?

The problem is that nobody knows when such things are legal and
when they are not in C.

Regards,
Nick Maclaren.
Received on Thu Sep 29 21:43:35 2005
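The thread contrasts a mandated "check for overflow and recover" rule with the difficulty of deciding which pointer operations are legal in C. The following C code is an added example, not code from anyone in the thread: it shows a bounded byte queue whose push operation performs an explicit overflow check and a defined recovery action (refuse the write and report it to the caller), alongside a function that relies on the one-past-the-end pointer, which C permits to form and compare but never to dereference, and which a naive bounds checker may still flag. The queue capacity, the `byte_queue` type and the 12-byte `SAMPLE_MSG` are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QUEUE_CAP 8   /* constructed: small so the overflow path is easy to hit */

/* Fixed-capacity ring buffer of bytes. */
typedef struct {
    uint8_t data[QUEUE_CAP];
    size_t head;    /* index of the oldest stored byte */
    size_t count;   /* number of bytes currently stored */
} byte_queue;

/* Constructed sample message: 12 bytes, three of them 'A'. */
static const uint8_t SAMPLE_MSG[12] = {
    'A', 'B', 'C', 'A', 'D', 'E', 'F', 'A', 'G', 'H', 'I', 'J'
};

void queue_init(byte_queue *q) {
    q->head = 0;
    q->count = 0;
}

/* Explicit overflow check plus recovery: a full queue rejects the byte
 * and returns -1 instead of writing past data[]. The caller decides
 * whether to drop, block, or fail the larger operation. */
int queue_push(byte_queue *q, uint8_t b) {
    if (q->count >= QUEUE_CAP) {
        return -1;
    }
    q->data[(q->head + q->count) % QUEUE_CAP] = b;
    q->count++;
    return 0;
}

/* Underflow is checked the same way: popping an empty queue returns -1. */
int queue_pop(byte_queue *q, uint8_t *out) {
    if (q->count == 0) {
        return -1;
    }
    *out = q->data[q->head];
    q->head = (q->head + 1) % QUEUE_CAP;
    q->count--;
    return 0;
}

/* Push as much of msg as fits; returns how many bytes were accepted. */
size_t queue_push_all(byte_queue *q, const uint8_t *msg, size_t len) {
    size_t n = 0;
    while (n < len && queue_push(q, msg[n]) == 0) {
        n++;
    }
    return n;
}

/* Counts occurrences of `needle` using the idiomatic one-past-the-end
 * pointer. Forming `end` and comparing p against it is legal C; `end`
 * itself is never dereferenced. A checker that treats every pointer
 * beyond the last element as an error would reject this valid loop. */
size_t count_byte(const uint8_t *buf, size_t len, uint8_t needle) {
    const uint8_t *end = buf + len;
    size_t hits = 0;
    for (const uint8_t *p = buf; p != end; p++) {
        if (*p == needle) {
            hits++;
        }
    }
    return hits;
}

/* Exercises the overflow path end to end. Returns 0 when every check
 * behaves as expected, or the number of the first failing step. */
int demo(void) {
    byte_queue q;
    uint8_t b = 0;
    queue_init(&q);
    if (queue_push_all(&q, SAMPLE_MSG, sizeof SAMPLE_MSG) != QUEUE_CAP) return 1; /* 8 accepted, 4 refused */
    if (queue_push(&q, 0xFF) != -1) return 2;       /* full: push rejected, no write */
    if (queue_pop(&q, &b) != 0 || b != 'A') return 3; /* oldest byte comes out first */
    if (queue_push(&q, 0xFF) != 0) return 4;        /* space freed: push succeeds */
    if (q.count != QUEUE_CAP) return 5;
    return 0;
}

int main(void) {
    printf("demo status: %d\n", demo());
    printf("'A' occurs %zu times in the sample\n",
           count_byte(SAMPLE_MSG, sizeof SAMPLE_MSG, 'A'));
    return 0;
}
```

The queue never indexes outside `data[]` because every write is preceded by a check against the stored count rather than against raw pointer values; that is the kind of check the quoted rule asks for, and it is cheap to express when the data structure owns its bounds. The `count_byte` loop is the other side of the argument: it is correct C, yet it depends on a pointer value that lies outside the array, which is exactly the case a bounds checker has to special-case to avoid failing valid programs.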