[sr #107522] Use of dangerous/banned functions
Jeffrey Walton
INVALID.NOREPLY at gnu.org
Wed Nov 17 01:09:00 CET 2010
Follow-up Comment #1, sr #107522 (project gnutls):
Forgot to mention....
I cited Apple's security guide because the table is compiled (so it offers
copy/paste convenience). Wheeler's security guide says about the same in more
words (Wheeler is more in depth because he also discusses other "safe"
libraries). And Microsoft has a succinct page: Security Development Lifecycle
(SDL) Banned Function Calls,
http://msdn.microsoft.com/en-us/library/bb288454.aspx.
One fellow on [BuqTraq|FunSec|FullDisclosure] summed it up nicely, "there's
no reason to be using strcpy in 2010". (can't find the reference at the
moment).
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107522>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
More information about the Gnutls-devel
mailing list