[11186] in cryptography@c2.net mail archive
Re: It's Time to Abandon Insecure Languages
daemon@ATHENA.MIT.EDU (Greg Broiles)
Mon Jul 22 17:11:18 2002
Date: Mon, 22 Jul 2002 10:38:04 -0700
To: <Victor.Duchovni@morganstanley.com>,
"John S. Denker" <jsd@monmouth.com>
From: Greg Broiles <gbroiles@parrhesia.com>
Cc: <cryptography@wasabisystems.com>
In-Reply-To: <Pine.GSO.4.33.0207221246040.1654-100000@sasas1>
At 12:50 PM 7/22/2002 -0400, Victor.Duchovni@morganstanley.com wrote:
>CERT is far from a comprehensive source of security bug reports. Does
>anyone have statistics of bug types for Bugtraq or Mitre's CVE?

The CVE data is available at <http://www.cve.mitre.org/cve/downloads/>;
a mechanical (e.g., string-based) search of the database for all reports
(2224 as of the data set from June 25, 2002) finds 461 which mention the
string "buffer overflow" in their description.

For the 563 reports dated in 2001, 99 mentioned buffer overflows.

For the 88 reports published so far in 2002, 21 mentioned buffer overflows.

But - the CVE web pages specifically warn, "CVE is not designed like a
vulnerability database, so searches for general terms like "Unix" or
"buffer overflow" could give you incomplete or inaccurate results."

--
Greg Broiles -- gbroiles@parrhesia.com -- PGP 0x26E4488c or 0x94245961
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
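
The kind of mechanical string search described in the message above, as an added example that is not part of the original post: it counts entries whose description contains a phrase, grouped by the year in the entry name, and shows how matching details change the tally. The entries, their `X`-numbered names, and the function name `count_mentions` are constructed for illustration; taking the year from the name is an assumption.

```python
import re
from collections import Counter

# Constructed sample entries (name, description); not real CVE records.
SAMPLE = [
    ("CVE-2001-X001", "Remote buffer overflow in example ftpd via a long USER command."),
    ("CVE-2001-X002", "Buffer overflow in example lpd via a long hostname."),
    ("CVE-2001-X003", "Example httpd allows reading files via .. in the URL."),
    ("CVE-2002-X001", "Heap-based buffer\noverflow in example image parser."),
    ("CVE-2002-X002", "Stack-based buffer overrun in example mail client."),
    ("CVE-2002-X003", "Multiple buffer overflows in example game server."),
]

# Assumption: the year is taken from the entry name.
NAME_RE = re.compile(r"^CVE-(\d{4})-")


def count_mentions(entries, phrase, normalize=True):
    """Return {year: (matching entries, total entries)} for a phrase search.

    normalize=False is an exact, case-sensitive substring match.
    normalize=True folds case and collapses whitespace (wrapped text) first.
    """
    totals, hits = Counter(), Counter()
    for name, desc in entries:
        m = NAME_RE.match(name)
        if not m:
            continue  # skip entries whose name carries no year
        year = int(m.group(1))
        totals[year] += 1
        if normalize:
            found = phrase.lower() in " ".join(desc.split()).lower()
        else:
            found = phrase in desc
        hits[year] += int(found)
    return {y: (hits[y], totals[y]) for y in sorted(totals)}


if __name__ == "__main__":
    for label, kwargs in (("exact", {"normalize": False}), ("normalized", {})):
        result = count_mentions(SAMPLE, "buffer overflow", **kwargs)
        for year, (n, total) in result.items():
            print(f"{label:10} {year}: {n} of {total} mention the phrase")
```

Even the normalized search does not count the "buffer overrun" entry, which is the kind of incompleteness the quoted CVE warning refers to.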