C++: A Cautionary Tale, or, 1 Hour Of Your Black Hat Trip is Spoken For by Thomas Ptacek, Matasano

17/07/2007
Episode Synopsis

A piece on Security Focus by Thomas about which Black Hat talks you need to see.
From the article: http://www.securityfocus.com/blogs/238

C++ gives you a resizeable string, so you won’t write splitvt. But in 2007, code vulnerabilities don’t look like splitvt anymore, ever. We’ve moved on, through off-by-one errors into integer overflows and now uninitialized variables. On balance, the bug classes C++ introduces are way scarier than the ones it takes off the table.

So, to kick off our series of posts about which Black Hat talks you should be going to this year, I’m going to recommend this one. Mark Dowd and John McDonald, on stage, talking about the ways C++ screws software security that you hadn't thought of before. "Recommend" is an understatement. If you get paid to find vulnerabilities in code, this is the most valuable talk at the conference this year.