* Robert Dewar:

> To me, the whole notion of this vulnerability node
> is flawed in that respect. You can write a lengthy
> and useful book on pitfalls in C that must be
> avoided, but I see no reason to turn such a book
> into a cert advisory,

I think it's useful to point out in security advisories widespread coding mistakes which are particularly security-related. Perhaps I'm biased because I did that for incorrect integer overflow checks in C code back in 2002. My motivation back then was that advisories were published about common configuration mistakes, even though the underlying tool was working as documented--and misusing a compiler seems to fall in the same category.