It's ironic that the registration to see a security book sample is "required" by an asinine JavaScript. Turn off JavaScript and the mechanism is defeated. Oops, does turning off JavaScript violate the DMCA? :-)

Cheers,
Pascal Meunier
Purdue University CERIAS

On Mar 4, 2004, at 8:04 AM, Greenarrow 1 wrote:

> At this site they have an Adobe PDF all about the below subject if anyone is interested in reading:
>
> http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci952377,00.html?track=NL-102&ad=477590
>
> [Ed. That would be the new Hoglund and McGraw book. Oh, and (free) registration is required for the above site. KRvW]
>
> Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflow
>
> Buffer Overflow 101
> The buffer overflow remains the crown jewel of attacks, and it is likely to remain so for years to come. Part of this has to do with the common existence of vulnerabilities leading to buffer overflow. If holes are there, they will be exploited. Languages that have out-of-date memory management capability such as C and C++ make buffer overflows more common than they should be. As long as developers remain unaware of the security ramifications of using certain everyday library functions and system calls, the buffer overflow will remain commonplace
>
> Regards,
> George
> Greenarrow1
> InNetInvestigations-Forensics
>
> ----- Original Message -----
> From: "Kenneth R. van Wyk" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, March 03, 2004 12:17 PM
> Subject: [SC-L] Looking for good software security stats
>
>> Hi all,
>>
>> I'm looking for published reports on software vulnerabilities with regard to the software development process. With a bit of googling, I've found some good starting points (e.g., www.securitytracker.com/learn/securitytracker-stats-2002.pdf), that provide stats on vulnerabilities by type. I'm particularly interested in stats that provide insight into where in the software development process the vulnerabilities were introduced.
>>
>> Anyone have some good citations to share?
>>
>> Cheers,
>>
>> Ken van Wyk
>> --
>> KRvW Associates, LLC
>> http://www.KRvW.com
