On Fri, Apr 25, 2008 at 11:45:25AM -0400, Paul Koning wrote:
> Robert> To me, the whole notion of this vulnerability node is flawed
> Robert> in that respect. You can write a lengthy and useful book on
> Robert> pitfalls in C that must be avoided, but I see no reason to
> Robert> turn such a book into a cert advisory, let alone pick out a
> Robert> single arbitrary example on a particular compiler!
>
> I think that comment is absolutely correct.

The R in CERT is "Response" (at least it used to be; I can't find an expansion on their web site...). They're responding to a problem that was reported to them, and alerting others to the problem. We can argue about the details, but not about the need to respond.

--
Daniel Jacobowitz
CodeSourcery