From: Shriram Krishnamurthi <shriram@cs.rice.edu>
Newsgroups: comp.compilers
Date: 16 Aug 1998 22:43:46 -0400
Organization: Rice University, Houston, Texas
References: 98-07-242 98-07-246 98-08-014 98-08-029 98-08-081
Keywords: C, practice, comment
eodell@pobox.com (Eric O'Dell) writes:
> [Buffer overflows = programmer laziness, pure and simple.]
> IMHO, if this is a problem for your organization, it's a sign that
> your hiring practices, and not your programming tools, are at fault.
You should read the fuzz-testing papers that Barton Miller and
Co. from Wisconsin have published in CACM. I believe the original
came out in 1990, and a follow-up in about 1995. It appears that even
the mightiest of employers in this industry -- the ones supposedly
with the smart programmers -- have, ah, faulty hiring practices.
'shriram
[Were those the experiments that showed that nearly every program that
came with Unix crashed when fed random input? Pretty sad. -John]