It's Time to Abandon Insecure Languages

Greg Broiles gbroiles at parrhesia.com
Mon Jul 22 13:38:04 EDT 2002


At 12:50 PM 7/22/2002 -0400, Victor.Duchovni at morganstanley.com wrote:

>CERT is far from a comprehensive source of security bug reports. Does
>anyone have statistics of bug types for Bugtraq or Mitre's CVE?

The CVE data is available at <http://www.cve.mitre.org/cve/downloads/>;
a mechanical (e.g., string-based) search of the database for all reports
(2224 as of the data set from June 25, 2002) finds 461 which mention the
string "buffer overflow" in their description.

For the 563 reports dated in 2001, 99 mentioned buffer overflows.

For the 88 reports published so far in 2002, 21 mentioned buffer overflows.

But - the CVE web pages specifically warn, "CVE is not designed like a
vulnerability database, so searches for general terms like 'Unix' or
'buffer overflow' could give you incomplete or inaccurate results."


--
Greg Broiles -- gbroiles at parrhesia.com -- PGP 0x26E4488c or 0x94245961
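As an added example (not part of the post above, and not CVE's own tooling), the script below reproduces the mechanical "buffer overflow" count per year over a constructed CVE-style CSV export, and runs a broader pattern alongside it to show how much the figure depends on the exact string searched, which is the caveat the post quotes. The CSV column names, the placeholder entry ids and the descriptions are assumptions, not real CVE data.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample in the shape of a CVE CSV export (name, description).
# The ids are placeholders, not real CVE entries; the year is taken from the id.
SAMPLE_CVE_CSV = """name,description
CVE-2001-EXAMPLE1,Remote buffer overflow in foo allows execution of arbitrary code.
CVE-2001-EXAMPLE2,Stack-based buffer overrun in bar allows local users to gain privileges.
CVE-2001-EXAMPLE3,Format string vulnerability in baz allows arbitrary code execution.
CVE-2002-EXAMPLE1,Heap overflow in qux via a long hostname argument.
CVE-2002-EXAMPLE2,Directory traversal in quux allows reading of arbitrary files.
CVE-2002-EXAMPLE3,Multiple buffer overflow bugs in corge via long command-line arguments.
"""

# The exact, case-sensitive string the post searched for ...
NAIVE = re.compile(r"buffer overflow")
# ... and a broader, case-insensitive pattern covering the variant wordings
# CVE authors use for the same bug class (overrun, heap/stack overflow).
BROAD = re.compile(r"\b(?:buffer|heap|stack)[ -]?(?:overflow|overrun)\b", re.IGNORECASE)


def load_entries(text):
    """Parse the CSV export into (year, description) pairs."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        year = int(row["name"].split("-")[1])  # CVE-YYYY-NNNN -> YYYY
        entries.append((year, row["description"]))
    return entries


def count_by_year(entries, pattern):
    """Return {year: (matching_reports, total_reports)} for the given pattern."""
    total, hits = Counter(), Counter()
    for year, description in entries:
        total[year] += 1
        if pattern.search(description):
            hits[year] += 1
    return {year: (hits[year], total[year]) for year in sorted(total)}


if __name__ == "__main__":
    entries = load_entries(SAMPLE_CVE_CSV)
    for label, pattern in (("exact string", NAIVE), ("broad pattern", BROAD)):
        for year, (n, total) in count_by_year(entries, pattern).items():
            print(f"{label:13s} {year}: {n} of {total} reports")
```

On the constructed sample the exact string finds one report per year while the broader pattern finds two, which is the kind of undercount the CVE warning refers to.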



---------------------------------------------------------------------
The Cryptography Mailing List