This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: US-CERT Vulnerability Note VU#162289


* Robert Dewar:

> To me, the whole notion of this vulnerability note
> is flawed in that respect. You can write a lengthy
> and useful book on pitfalls in C that must be
> avoided, but I see no reason to turn such a book
> into a cert advisory,

I think it's useful to point out in security advisories widespread
coding mistakes which are particularly security-related.  Perhaps I'm
biased because I did that for incorrect integer overflow checks in C
code back in 2002.  My motivation back then was that advisories were
published about common configuration mistakes, even though the
underlying tool was working as documented--and misusing a compiler seems
to fall in the same category.

