Secure Coding mailing list archives
Re: Recent technical reports from the CERT Secure Coding Initiative
From: Jonathan Leffler <jleffler () us ibm com>
Date: Sun, 22 Aug 2010 08:03:34 -0700
Thanks for the reports, Robert.

Specifications for Managed Strings, Second Edition
Hal Burch, Fred Long, Raunak Rungta, Robert C. Seacord, & David Svoboda
CMU/SEI-2010-TR-018

This report describes a managed string library for the C programming language. [...]

cover date: May 2010
http://www.sei.cmu.edu/library/abstracts/reports/10tr018.cfm

In the managed string library report, there's a paragraph on p5 that reads:

Most functions in this technical report include as part of their specifications a list of runtime-constraints, which are requirements on the program using the library. Despite its name, a runtime-constraint is not a kind of constraint. Implementations shall verify that the runtime-constraint for a library function are not violated by the program

I think that the statement that a 'runtime-constraint is not a kind of constraint' is confusing to those who do not know exactly what is intended by the statement, and it could do with some clarification that is not given immediately in the report. IMNSHO, at the very least there needs to be a footnote or pointer to a glossary where the distinction between a runtime-constraint and a constraint is explained, because otherwise it merely sounds self-contradictory (or a bad choice of terminology).

--
Jonathan Leffler (jleffler () us ibm com)
STSM, Informix Database Engineering, IBM Information Management
4400 N First St, San Jose, CA 95134-1257
Tel: +1 408-956-2436 Tieline: 475-2436
"I don't suffer from insanity; I enjoy every minute of it!"