I would certainly suspect that for *security* problems buffer overruns are far and away the biggest problem. You see it all the time: the programmer declares a 50-byte buffer for reading in an 8-byte value, and then just assumes that is "big enough" and does not limit or check the read.

For problems as a whole, I'm still going with =. <g>

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Rupert Reynolds
Sent: Wednesday, March 30, 2022 6:54 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: PL/I question

That's a common problem, certainly, but if we include the wider world of micros and minis, I'd bet that buffer overruns related to null-terminated strings (BLEAH!) are in the lead :-)

I once saw a report quoting Microsoft that half of all vulnerabilities were buffer overruns.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
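
The pattern discussed in this thread (a 50-byte buffer for an 8-byte value, read without a limit or check), shown beside a checked version as an added C example that is not part of the original messages. The function names, status codes and sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8   /* the value is documented as 8 bytes */
#define BUF_LEN   50  /* the "big enough" buffer from the message */

enum field_status { FIELD_OK = 0, FIELD_TOO_LONG = -1, FIELD_BAD_ARG = -2 };

/* Unchecked pattern, kept only for comparison and never called here:
 * strcpy() copies until it finds a NUL, so input longer than
 * BUF_LEN - 1 bytes is written past the end of dst. */
void read_field_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Checked pattern: the caller states how many input bytes are present
 * (src_len) and how large dst is (dst_cap). Input longer than the
 * documented field is rejected, not truncated, so a malformed record
 * is surfaced to the caller. dst is NUL-terminated on success. */
enum field_status read_field_checked(char *dst, size_t dst_cap,
                                     const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_cap == 0)
        return FIELD_BAD_ARG;

    /* Value length: stop at the first NUL or at src_len, whichever
     * comes first, so unterminated input is never read past its end. */
    const char *nul = memchr(src, '\0', src_len);
    size_t n = nul ? (size_t)(nul - src) : src_len;

    if (n > FIELD_LEN || n + 1 > dst_cap)
        return FIELD_TOO_LONG;

    memcpy(dst, src, n);
    dst[n] = '\0';
    return FIELD_OK;
}

int main(void)
{
    char buf[BUF_LEN];
    char oversized[60];                       /* constructed sample input */
    memset(oversized, 'A', sizeof oversized); /* 60 bytes, no terminator */
    printf("%d\n", (int)read_field_checked(buf, sizeof buf, "12345678", 8));
    printf("%d\n", (int)read_field_checked(buf, sizeof buf, oversized, sizeof oversized));
    return 0;
}
```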