[11183] in cryptography@c2.net mail archive
Re: It's Time to Abandon Insecure Languages
daemon@ATHENA.MIT.EDU (Victor.Duchovni@morganstanley.com)
Mon Jul 22 12:46:38 2002
Date: Mon, 22 Jul 2002 12:08:04 -0400 (EDT)
From: <Victor.Duchovni@morganstanley.com>
To: "John S. Denker" <jsd@monmouth.com>
Cc: <cryptography@wasabisystems.com>
In-Reply-To: <3D3C2BC4.BEB80A73@monmouth.com>
This is more indicative of CERT's focus than the relative frequency of
security issues. The fact that a large fraction of e-commerce merchants
let you set the price for the goods you buy is in practice a larger threat
than the widely publicized buffer overflows.

Semantic security bugs in individual web sites do not rate highly enough
on CERT's seismograph, but are in practice far more common.
> My evidence: http://www.cert.org/advisories/
>
--
Viktor.