On Thu, Nov 11, 2004 at 04:56:20PM -0500, ljknews wrote:
> At 2:48 PM -0500 11/11/04, Paco Hope wrote:
> 
> >On 11/11/04 11:46 AM, "ljknews" <[EMAIL PROTECTED]> wrote:
> >> As a software developer, I care about such issues, but the compilations
> >> you list are largely not applicable to the operating system and programming
> >> languages with which I work.
> >
> 
> I am still looking for a forum that omits those problems due to choice
> of C and related programming languages that use null terminated string.
> I know that is a bad idea, and I don't do it.
> 
> I am still looking for a forum that omits problems propagated over IP
> and related protocols.  I don't do that either.
> 
> I have yet to see a standard "tool" (as distinguished from social
> engineering technique) from elsewhere that fits VMS.
> 

RISK Digest <http://www.risk.org/> (comp.risks) is about the closest;
although not security focused, it does discuss system failures beyond
buffer overflows and the TCP/IP protocol suite. It does not exclude familiar
risks (and documented failures) of buffer overflows, but extends into
numerous design-related failures which can have security implications
which transcend any given platform or language.

Of course VMS is not immune to security risks. I know, I created more
than one insecure piece of software for VMS (in-house stuff that is 
now retired).

