Differences
This shows you the differences between two versions of the page.
note_on_buffer_overflows [2008/10/26 21:29] vkuncak |
note_on_buffer_overflows [2008/10/26 22:00] (current) vkuncak |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Note on Buffer Overflows ====== | ====== Note on Buffer Overflows ====== | ||
- | A study by Cisco Systems, describes virus Code Red, | + | A study published as a White Paper by Cisco Systems "Economic Impact of Network Security Threats", describes virus Code Red, |
"Code Red (2001) | "Code Red (2001) | ||
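Review bot: The citation in the added line is hard to parse and cannot be followed up. The title "Economic Impact of Network Security Threats" is not set off from "Cisco Systems", and the comma before "describes" splits subject from verb. Suggest: A Cisco Systems white paper, "Economic Impact of Network Security Threats", describes the Code Red worm, and add a link or publication date so the $2.62 billion figure quoted from it can be verified. "Worm" is the more precise term, since the quoted passage describes Code Red starting to execute on each new victim host after a successful exploit.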
Line 10: | Line 10: | ||
that received this request, there were varied consequences. If the exploit was successful, Code Red began executing on the new victim host." | that received this request, there were varied consequences. If the exploit was successful, Code Red began executing on the new victim host." | ||
- | and shows the world-wide economic impact to be $2.62 billion. | + | and shows the world-wide economic impact to be **$2.62 billion**. |
+ | |||
+ | The occurrences of these errors were reduced subsequently by a serious push within the company to adopt programming language discipline and tools that effectively turns C into a language where array accesses can be checked to be within bounds. | ||
+ | |||
+ | Many of such errors could be prevented in first place by using memory-safe languages such as Java and Scala (or LISP, invented before C) | ||
- | Many of such errors could be prevented with memory-safe languages such as Java and Scala. |
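Review bot: In the added paragraph, "the company" has no clear referent. The only company named on the page is Cisco, which is the author of the study, not the vendor of the software that received the request, so the sentence reads as if Cisco adopted the bounds-checking discipline. Name the vendor and cite a source for the claim that the errors were reduced, and say which tools or annotations are meant by "programming language discipline and tools". Wording fixes in the same hunk: "tools that effectively turns" should be "turn", "in first place" should be "in the first place", and the last sentence needs a closing period. The bold on "$2.62 billion" is fine, but the figure would be clearer stated with the period it covers if the white paper gives one.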