Spec#, nullables and more
Rainer Deyke
rainerd at eldwood.com
Fri Nov 26 19:29:20 PST 2010
On 11/26/2010 10:28, Bruno Medeiros wrote:
> Yes, Walter's statement that it is impossible for a null pointer to
> cause a security vulnerability is (likely) incorrect.
> But his point at large, considering the discussion that preceded the
> comment, was that null pointers are utterly insignificant with regards
> to security vulnerabilities.
I really hate this way of thinking. Security vulnerabilities are binary
- either they exist or they don't. Every security vulnerability seems
minor until it is exploited.
Yes, some security vulnerabilities are more likely to be exploited than
others. But instead of rationalizing about how significant each
individual security vulnerability is, isn't it better to just fix all of
them?
(I know, I'm a hopeless idealist.)
--
Rainer Deyke - rainerd at eldwood.com
More information about the Digitalmars-d
mailing list