It's Time to Abandon Insecure Languages
John S. Denker
jsd at monmouth.com
Mon Jul 22 12:42:38 EDT 2002
Victor.Duchovni at morganstanley.com wrote:
>
> This is more indicative of CERT's focus than the relative frequency of
> security issues. The fact that a large fraction of e-commerce merchants
> let you set the price for the goods you buy is in practice a larger threat
> than the widely publicized buffer overflows.
>
> Semantic security bugs in individual web sites do not rate highly enough
> on CERT's seismograph, but are in practice far more common.
Interesting......
Earlier he wrote
> Most security bugs reported these days are issues
                     ^^^^^^^^
> with application semantics
We are talking about _reported_ bugs. If CERT is not the
right place to look for reports, please tell us where we
_can_ find appropriate reports.
I was trained as a scientist. I like to look at data.
Listening to other people's summaries and conclusions is
nice, too, but sometimes it pays off to take a look at
the real data.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com