At 9:16 PM +0100 11/1/07, Johan Peeters wrote:
> I think this could do a great service to the community.
> 
> Recently I was hired by a major financial institution as a lead
> developer. They said they needed me for some Java applications, but it
> turns out that the majority of code is in COBOL. As I have never
> before been anywhere near COBOL, this comes as a culture shock. I was
> surprised at the paucity of readily available information on COBOL
> vulnerabilities, yet my gut feeling is that there are plenty of
> security problems lurking there. Since so much of the financial
> services industry is powered by COBOL, I would have thought that
> someone would have done a thorough study of COBOL's security posture.
> I certainly have not found one. Anyone else?

Can anyone point to stories about Cobol exploits?

I mean exploits that have to do with the nature of the language, not
social engineering attacks that happened to take place against a Cobol
shop.

My limited exposure to Cobol makes me think it is as unlikely to have
a buffer overflow as PL/I or Ada.
-- 
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
