Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. http://sfsecurity.pr.erau.edu
Buffer Overflow Vulnerabilities not detected during development and QA get into products
- Vulnerable code slips through tests and inspection
- New products expose buffer overflows in old code from libraries and other vendors
- Proper use of products to avoid buffer overflows isn't known or documented