Secure Coding mailing list archives
Re: Looking for good software security stats
From: Pascal Meunier <pmeunier () cerias purdue edu>
Date: Tue, 09 Mar 2004 00:14:22 +0000
It's ironic that the registration to see a security book sample is "required" by an asinine javascript. Turn off javascript and the mechanism is defeated. Oops, does turning off javascript violate the DMCA? :-)

Cheers,
Pascal Meunier
Purdue University CERIAS

On Mar 4, 2004, at 8:04 AM, Greenarrow 1 wrote:
At this site they have an Adobe PDF all about the below subject if anyone is interested in reading:

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci952377,00.html?track=NL-102&ad=477590

[Ed. That would be the new Hoglund and McGraw book. Oh, and (free) registration is required for the above site. KRvW]

Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflow

Buffer Overflow 101

The buffer overflow remains the crown jewel of attacks, and it is likely to remain so for years to come. Part of this has to do with the common existence of vulnerabilities leading to buffer overflow. If holes are there, they will be exploited. Languages that have out-of-date memory management capability such as C and C++ make buffer overflows more common than they should be. As long as developers remain unaware of the security ramifications of using certain everyday library functions and system calls, the buffer overflow will remain commonplace.

Regards,
George
Greenarrow1
InNetInvestigations-Forensics

----- Original Message -----
From: "Kenneth R. van Wyk" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 12:17 PM
Subject: [SC-L] Looking for good software security stats

Hi all,

I'm looking for published reports on software vulnerabilities with regard to the software development process. With a bit of googling, I've found some good starting points (e.g., www.securitytracker.com/learn/securitytracker-stats-2002.pdf), that provide stats on vulnerabilities by type. I'm particularly interested in stats that provide insight into where in the software development process the vulnerabilities were introduced.

Anyone have some good citations to share?

Cheers,
Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com