Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. http://sfsecurity.pr.erau.edu

Buffer Overflow Vulnerabilities not detected during development and QA get into products

• Vulnerable code slips through tests and inspection
• New products expose buffer overflows in old code from libraries and other vendors
• Proper use of products to avoid buffer overflows isn't known or documented

