-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/04/14 23:51, ianG wrote: > 2. Score another 1 up for interpreted languages that handle array > allocation cleanly. This is more or less a buffer overflow, in a > wider sense.
Not just interpreted languages - a modern compiled language such as D or Go would also have caught this. I'm curious - does anyone on this list still use C or C++ for new projects? If so, what's the advantage that outweighs the enormous, repeatedly demonstrated disadvantage of memory handling bugs? > 4. This should put to rest any silly claims that the NSA put the > bug into play themselves. The programmer and the reviewer missed > it. I don't see how a claim that the NSA exploited the bug is evidence that the NSA didn't plant the bug. (Not that I believe they did - but this isn't evidence that they didn't.) Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBCAAGBQJTSUvjAAoJEBEET9GfxSfMG9cH/Ak2acQG13WyP5HwOzWsTr7u T2sX8rtKpy51jPb6OWZudrq6CpqBm3ofsMTIkxYXu5vX/Roz/5Q+G+btikWO34NT Gz5Fl6iz1yF68TT23VtG79PNhl5zwDmZvpeESyOkb0tXOFSuK/Wu139nIOFCMJkg S4fvbDEuLteYSNOiAWjxDP9Xa4vT8kAvVxME8UaQIcMYFF0dbiTaIujto99WOBv0 JfoprZbfhd/Xw05iJWwsbF0NInfN4nRWnIvqEKxjQOhziLrDRZlepKhA0z9sE3Bi d+sRytwoF3pqDgouLARwKjBfsBWgjaS+uMLHQ4Gg7/i/HbRVntcwXGBtY78PCd8= =sftN -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography