Mime-Version:
1.0
Date:
Wed, 6 Feb 2002 09:11:02 -0600
Content-Type:
text/plain; charset="us-ascii"
|
I recall from my analysis of the data used by Mark Eisenstadt to classify
really difficult bugs that there were a good number of bugs resulting from
array bounds errors. Errors that Ada and Java would have caught.
Mark's article is Eisenstadt, M. (1997). My Hairiest Bug War Stories.
Communications of the ACM, 40, 30-37.
While he didn't give all the data on the bugs, he will make it available on
request.
John
At 09:14 AM 2/6/2002 -0500, Ada Marketing wrote:
>Tom,
>
>I don't want to be negative, but I don't see Ada as less susceptible to
>buffer overflow. You can still write bad code. The advantage on the
>Ada side is that most data structures (probably all) will raise a
>predefined or user defined exception should an overflow occur. Thus the
>overflow can not be as easily ignored.
>
>
>"Thomas A. Panfil" wrote:
>
>> Hi All,
>>
>> I'd like to be able to cite a good paper on why Buffer Overflow
>> susceptibility is common in software written in some popular
>> language(s), and rare or relatively easy to prevent when using
>> other languages. Advice, anyone?
>>
>> Thomas A. Panfil / Treasurer -- Baltimore SIGAda
-------------------------------------------------------
John W. McCormick [log in to unmask]
Computer Science Department [log in to unmask]
University of Northern Iowa voice (319) 273-6056
Cedar Falls, IA 50614-0507 fax (319) 273-7123
http://www.cs.uni.edu/~mccormic/
|
|
|