[–] WalterBright 6y ago ↗ [1], [5], and [12] are array bounds overflows, and sum up to a score of 113.17.In contrast, [14] Null Pointer Dereference only has a score of 9.74.This is why I disagree that null pointers were the billion dollar mistake - buffer overflows are.C's Biggest Mistake: https://www.digitalmars.com/articles/b44.html [–] tgv 6y ago ↗ The billion dollar mistake refers to Hoare's statement, not the fact that it might have been a more or less costly error. And errors in terms of security are not all that matter: a simple crash can cost money too.https://en.wikipedia.org/wiki/Tony_Hoare#Apologies_and_retra...
[–] tgv 6y ago ↗ The billion dollar mistake refers to Hoare's statement, not the fact that it might have been a more or less costly error. And errors in terms of security are not all that matter: a simple crash can cost money too.https://en.wikipedia.org/wiki/Tony_Hoare#Apologies_and_retra...
[–] blowski 6y ago ↗ I find the OWASP cheatsheets to be a good start at identifying, understanding and fixing issues like these.https://cheatsheetseries.owasp.org/cheatsheets/IndexASVS.htm...
5 comments
[ 4.2 ms ] story [ 13.6 ms ] threadIn contrast, [14] Null Pointer Dereference only has a score of 9.74.
This is why I disagree that null pointers were the billion dollar mistake - buffer overflows are.
C's Biggest Mistake: https://www.digitalmars.com/articles/b44.html
https://en.wikipedia.org/wiki/Tony_Hoare#Apologies_and_retra...
https://cheatsheetseries.owasp.org/cheatsheets/IndexASVS.htm...