At 4:41 PM -0500 2/4/08, Steven M. Christey wrote:
> On Mon, 4 Feb 2008, Robert A. Martin wrote:
>
>> You still need to add to that issues that apply to all languages
>> versus these lists of language specific weaknesses and C and C++ have
>> significant overlap given their relationship.
>
> There is an important point to keep in mind when using the (current) CWE
> views. Some weaknesses have been marked with an "All Languages" tag, even
> though they might be more prevalent in certain languages. For example,
> format string problems can happen in any language that uses format strings
> ("%99999999s" to fill up disk or memory, anybody?), so it's marked with
> "All" and it's not in the C-specific view, even though there's a heavy
> concentration of format strings in C/C++.

It is marked as "All"? What is the construct in Ada that has such a risk?

--
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________