[EMAIL PROTECTED] wrote:
>
> This is more indicative of CERT's focus than the relative frequency of
> security issues. The fact that a large fraction of e-commerce merchants
> let you set the price for the goods you buy is in practice a larger threat
> than the widely publicized buffer overflows.
>
> Semantic security bugs in individual web sites do not rate highly enough
> on CERT's seismograph, but are in practice far more common.

Interesting...... Earlier he wrote

> Most security bugs reported these days are issues
                     ^^^^^^^^
> with application semantics

We are talking about _reported_ bugs.

If CERT is not the right place to look for reports, please tell us where we _can_ find appropriate reports.

I was trained as a scientist. I like to look at data. Listening to other people's summaries and conclusions is nice, too, but sometimes it pays off to take a look at the real data.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]