WhatsApp BO critical security vulnerability
Adam D. Ruppe
destructionator at gmail.com
Thu May 16 17:09:28 UTC 2019
On Thursday, 16 May 2019 at 16:17:45 UTC, Walter Bright wrote:
> Using asserts and relying on array bounds checking to check the
> validity of incoming data is incorrect.
A security bug is necessarily a bug in the program's logic.
It should be checked separately, but it should ALSO be checked
automatically. In almost all situations. ESPECIALLY in production.
It is defense-in-depth.
More information about the Digitalmars-d
mailing list