I wonder where this "length blindness" comes from, since it certainly leads to a lot of vulnerabilities. Are these programmers who started with a higher-level language than C, one with dynamically sized strings that automatically expand? Do they even know how big the buffer is, or how long the input string could conceivably be? Did they ever consider the case where the input is very, very long?
A funny analogy I've heard is "programmers who don't know the size of their buffers are like drivers who don't know the size of their cars."
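As an added illustration (not part of the original comment), here is the "know the size of your car" discipline in C: the copy routine is handed the destination's size by the caller, stops scanning at that size, and rejects input that would not fit instead of writing past the buffer. The 16-byte buffer and the inputs are constructed for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst, which the caller states holds dst_size bytes.
 * Always NUL-terminates dst; returns 0 on success or -1 if src (plus its
 * terminator) does not fit, in which case dst is left empty rather than
 * silently truncated. Scanning stops at dst_size, so an enormous or even
 * unterminated src is never walked to its end. */
int copy_bounded(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size) {          /* at least dst_size chars: no room for '\0' */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);      /* n + 1 <= dst_size, so this cannot overrun */
    return 0;
}

#define NAME_BUF 16   /* constructed buffer size for the demo */

/* Returns 1 if name fits in a NAME_BUF-sized buffer, 0 if it was rejected. */
int accept_name(const char *name) {
    char buf[NAME_BUF];
    return copy_bounded(buf, sizeof buf, name) == 0;
}

int main(void) {
    /* Constructed inputs: one that fits, one at the limit, one "very, very long". */
    char huge[4096];
    memset(huge, 'A', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';
    printf("short:    %s\n", accept_name("alice") ? "accepted" : "rejected");
    printf("15 chars: %s\n", accept_name("abcdefghijklmno") ? "accepted" : "rejected");
    printf("16 chars: %s\n", accept_name("abcdefghijklmnop") ? "accepted" : "rejected");
    printf("huge:     %s\n", accept_name(huge) ? "accepted" : "rejected");
    return 0;
}
```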