Secure Coding mailing list archives

Re: Recent technical reports from the CERT Secure Coding Initiative


From: Jonathan Leffler <jleffler () us ibm com>
Date: Sun, 22 Aug 2010 08:03:34 -0700


Thanks for the reports, Robert.

   Specifications for Managed Strings, Second Edition
   Hal Burch, Fred Long, Raunak Rungta, Robert C. Seacord, & David Svoboda

   CMU/SEI-2010-TR-018

   This report describes a managed string library for the C programming
   language. [...]

   cover date: May 2010

   http://www.sei.cmu.edu/library/abstracts/reports/10tr018.cfm

In the managed string library report, there's a paragraph on p5 that reads:

   Most functions in this technical report include as part of their
   specifications a list of runtime-constraints, which are requirements on
   the program using the library. Despite its name, a runtime-constraint is
   not a kind of constraint. Implementations shall verify that the
   runtime-constraint for a library function are not violated by the
   program

I think that the statement that a 'runtime-constraint is not a kind of
constraint' is confusing to those who do not know exactly what is intended
by the statement, and it could do with some clarification that is not given
immediately in the report.  IMNSHO, at the very least there needs to be a
footnote or pointer to a glossary where the distinction between a
runtime-constraint and a constraint is explained, because otherwise it
merely sounds self-contradictory (or a bad choice of terminology).

--
Jonathan Leffler (jleffler () us ibm com)
STSM, Informix Database Engineering, IBM Information Management
4400 N First St, San Jose, CA 95134-1257
Tel: +1 408-956-2436         Tieline: 475-2436
"I don't suffer from insanity; I enjoy every minute of it!"
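The distinction the message asks the report to spell out is easier to see in code than in prose. What follows is an added illustration, not code from the managed string report or its library: a hypothetical bounded copy, `copy_checked`, whose specification lists three runtime-constraints (non-null pointers, a non-zero destination size, a source that fits). A language "constraint" in the C standard's sense is something the translator diagnoses before the program ever runs; a runtime-constraint is a requirement on the calling program that the library verifies each time the function is called, reporting a violation through a handler and returning an error instead of proceeding. The handler type, error codes and function names here are assumptions modelled loosely on the errno_t style of TR 24731, not the report's own API.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical error type and codes (assumed for this illustration, not the
   managed string library's own definitions). */
typedef int errno_t;
enum { RC_OK = 0, RC_NULL_POINTER = 1, RC_ZERO_LENGTH = 2, RC_TOO_LONG = 3 };

/* A runtime-constraint handler: the library calls it whenever the calling
   program violates a documented runtime-constraint. */
typedef void (*constraint_handler_t)(const char *msg, void *ptr, errno_t err);

static int violations_seen = 0;   /* demo counter of handler invocations */

static void counting_handler(const char *msg, void *ptr, errno_t err)
{
    (void)ptr;
    violations_seen++;
    fprintf(stderr, "runtime-constraint violation: %s (error %d)\n", msg, err);
}

static constraint_handler_t handler = counting_handler;

/* Installs a new handler and returns the previous one, so a program can
   choose abort, ignore or log behaviour (hypothetical helper). */
constraint_handler_t set_handler(constraint_handler_t h)
{
    constraint_handler_t old = handler;
    handler = h;
    return old;
}

/* Length of s, but never reading more than limit bytes of it. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Hypothetical bounded copy. Runtime-constraints:
   - dest and src shall not be null pointers
   - destsz shall be greater than zero
   - the length of src shall be less than destsz
   The implementation verifies each one; on a violation it calls the handler,
   leaves dest in a defined state (an empty string when dest is writable) and
   returns an error code rather than writing past the end of dest. */
errno_t copy_checked(char *dest, size_t destsz, const char *src)
{
    if (dest == NULL || src == NULL) {
        handler("copy_checked: null pointer argument", NULL, RC_NULL_POINTER);
        return RC_NULL_POINTER;
    }
    if (destsz == 0) {
        handler("copy_checked: destsz is zero", dest, RC_ZERO_LENGTH);
        return RC_ZERO_LENGTH;
    }
    size_t n = bounded_len(src, destsz);
    if (n >= destsz) {
        dest[0] = '\0';
        handler("copy_checked: source does not fit in dest", dest, RC_TOO_LONG);
        return RC_TOO_LONG;
    }
    memcpy(dest, src, n + 1);     /* n + 1 <= destsz, so this stays in bounds */
    return RC_OK;
}

int violation_count(void) { return violations_seen; }

int main(void)
{
    char buf[8];
    printf("ok copy -> %d\n", copy_checked(buf, sizeof buf, "hello"));
    printf("too long -> %d\n", copy_checked(buf, sizeof buf, "this is too long"));
    printf("null dest -> %d\n", copy_checked(NULL, sizeof buf, "x"));
    printf("violations seen: %d\n", violation_count());
    return 0;
}
```

The checks inside `copy_checked` are what the quoted paragraph means by "implementations shall verify": the caller is obliged to respect the listed requirements, and the library treats a breach as a reportable event rather than undefined behaviour. Nothing about those checks can be done by the compiler, which is exactly why the report's authors needed a term other than "constraint".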

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________