Date: Thu, 13 May 1999 10:27:53 -0600
From: Brett Glass <brett@lariat.org>
To: chris@calldei.com
Cc: Jamie Bowden <ragnar@sysabend.org>, chat@FreeBSD.ORG
Subject: Re: BSD, GPL, the world today. (fwd)
Message-ID: <4.2.0.37.19990513102444.04697e40@localhost>
In-Reply-To: <19990513112210.A19394@holly.dyndns.org>
References: <4.2.0.37.19990513095524.04429440@localhost> <Pine.BSF.3.96.990513104700.2143C-100000@beelzebubba.sysabend.org> <4.2.0.37.19990513095524.04429440@localhost>

At 11:22 AM 5/13/99 -0500, Chris Costello wrote:

> The solution to the problem of 'Black Hats' exploiting open
> source software before 'White Hats' can fix it is to learn how to
> code properly.

The problem is that open source is a volunteer effort, and skills vary
widely. The tools must be built so as to prevent the errors from
occurring in the first place, at least inasmuch as possible. There
SHOULD NOT BE an sprintf() function in the C library, for example.
In fact, I'll go farther and say that strings and arrays terminated
by sentinels should be removed from computer languages.

> If they did enough testing (I believe buffer
> overflow, formatting "bugs", etc), the problem would be much
> smaller.

Quality must be built in, not tested in.

--Brett Glass

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
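
Added example, not part of the original message or of any FreeBSD code: a sketch of the kind of tool the message argues for, a counted string whose formatted append refuses to overrun where sprintf() would write past the buffer. The names cstr, cstr_init and cstr_appendf, the 32-byte capacity and the sample input are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical counted string: length and capacity travel with the bytes,
   so no routine has to scan for a terminating sentinel to find the end. */
typedef struct {
    size_t len;       /* bytes in use */
    size_t cap;       /* total bytes available in data[] */
    char   data[32];  /* a trailing NUL is kept only for libc interop */
} cstr;

static void cstr_init(cstr *s)
{
    s->len = 0;
    s->cap = sizeof s->data;
    s->data[0] = '\0';
}

/* Bounded formatted append. Returns 0 on success, -1 if the result would
   not fit; on failure the string is left exactly as it was. */
static int cstr_appendf(cstr *s, const char *fmt, ...)
{
    va_list ap;
    size_t room = s->cap - s->len;   /* always >= 1: len never reaches cap */
    va_start(ap, fmt);
    int n = vsnprintf(s->data + s->len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        s->data[s->len] = '\0';      /* roll back the partial write */
        return -1;
    }
    s->len += (size_t)n;
    return 0;
}

int main(void)
{
    cstr s;
    /* Constructed input, longer than the buffer. */
    const char *user = "a-constructed-name-longer-than-the-buffer-allows";
    cstr_init(&s);
    /* sprintf(s.data, "user=%s", user) would write past data[] here. */
    if (cstr_appendf(&s, "user=%s", user) != 0)
        puts("rejected: would not fit");
    if (cstr_appendf(&s, "id=%d", 42) == 0)
        printf("%.*s (%zu bytes)\n", (int)s.len, s.data, s.len);
    return 0;
}
```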