Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
note_on_buffer_overflows [2008/10/26 21:29] vkuncak |
note_on_buffer_overflows [2008/10/26 22:00] (current) vkuncak |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Note on Buffer Overflows ====== | ====== Note on Buffer Overflows ====== | ||
| - | A study by Cisco Systems, describes virus Code Red, | + | A study published as a White Paper by Cisco Systems "Economic Impact of Network Security Threats", describes virus Code Red, |
| "Code Red (2001) | "Code Red (2001) | ||
| Line 10: | Line 10: | ||
| that received this request, there were varied consequences. If the exploit was successful, Code Red began executing on the new victim host." | that received this request, there were varied consequences. If the exploit was successful, Code Red began executing on the new victim host." | ||
| - | and shows the world-wide economic impact to be $2.62 billion. | + | and shows the world-wide economic impact to be **$2.62 billion**. |
| + | |||
| + | The occurrences of these errors were reduced subsequently by a serious push within the company to adopt programming language discipline and tools that effectively turns C into a language where array accesses can be checked to be within bounds. | ||
| + | |||
| + | Many of such errors could be prevented in first place by using memory-safe languages such as Java and Scala (or LISP, invented before C) | ||
| - | Many of such errors could be prevented with memory-safe languages such as Java and Scala. | ||