[11184] in cryptography@c2.net mail archive
Re: It's Time to Abandon Insecure Languages
daemon@ATHENA.MIT.EDU (John S. Denker)
Mon Jul 22 12:48:54 2002
Date: Mon, 22 Jul 2002 12:42:38 -0400
From: "John S. Denker" <jsd@monmouth.com>
To: Victor.Duchovni@morganstanley.com
Cc: cryptography@wasabisystems.com
Victor.Duchovni@morganstanley.com wrote:
>
> This is more indicative of CERT's focus than the relative frequency of
> security issues. The fact that a large fraction of e-commerce merchants
> let you set the price for the goods you buy is in practice a larger threat
> than the widely publicized buffer overflows.
>
> Semantic security bugs in individual web sites do not rate highly enough
> on CERT's seismograph, but are in practice far more common.
Interesting......
Earlier he wrote
> Most security bugs reported these days are issues
                     ^^^^^^^^
> with application semantics
We are talking about _reported_ bugs. If CERT is not the
right place to look for reports, please tell us where we
_can_ find appropriate reports.

I was trained as a scientist. I like to look at data.
Listening to other people's summaries and conclusions is
nice, too, but sometimes it pays off to take a look at
the real data.