[SystemSafety] C++ and Pointers
Derek M Jones
derek at knosof.co.uk
Thu Jun 6 14:37:13 CEST 2019
Peter,

>>> critical-system development in which well over 90% of the discovered vulnerabilities can be put down
>>> to lack of enhanced strong data typing?
>>
>> This sounds interesting. Can you please cite the study that
>> found this.

> I can do better than that; I can tell you how to do it for yourself. Visit the CERT-ICS CVE database
> and count.

Last time I checked: https://ics-cert.us-cert.gov/advisories
they don't provide sufficiently detailed information to deduce
the typing information you are claiming.

I know of a couple of research papers which tried to reverse engineer
the actual code. This was a lot of work.

Perhaps you could save everybody the trouble and provide the
list from your counting of these issues.

Or is this 90% a made up number?

--
Derek M. Jones Software analysis
tel: +44 (0)1252 520667 blog:shape-of-code.coding-guidelines.com