[OT] NSA guidance on software security

Nick Treleaven nick at geany.org
Fri Nov 11 18:24:46 UTC 2022


On Friday, 11 November 2022 at 16:07:15 UTC, Siarhei Siamashka 
wrote:
> On Friday, 11 November 2022 at 14:52:51 UTC, Nick Treleaven 
> wrote:
>> Just declare main @safe.
>
> Have you missed my comment, which was talking about exactly 
> that?

You didn't mention main.

>> Memory unsafety is non-deterministic. Overflow/underflow is, 
>> so it's much less important.
>
> Neither is deterministic. Unless you have strictly 
> deterministic input data.

Whatever the input data, without memory safety you can't trigger 
the bug through testing alone. It might never occur on your 
system, only on your client's. That's why the NSA recognises 
memory safety bugs as categorically worse than logic bugs or 
overflow/underflow.

