Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu.
Better Software Engineering Practices – Code Inspection
• Pros:
  – Code inspection may catch many buffer overflows that testing won’t
• Cons:
  – Time is money
  – When using vendor software, you can’t do a code inspection if you don’t have the source code
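An added example (not from the original slides) of an overflow that typical-input testing passes but an inspection flags, shown beside the bounded version a reviewer would ask for. The function names and the 16-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 16  /* constructed buffer size for this example */

/* Before: every test that uses a name shorter than 16 bytes passes, so
 * testing with typical input never exposes the unbounded copy. A reviewer
 * reading the code sees that nothing relates strlen(src) to the size of dst. */
void set_name_unchecked(char dst[NAME_BUF_SIZE], const char *src)
{
    strcpy(dst, src);  /* overflows when strlen(src) >= NAME_BUF_SIZE */
}

/* After: the change an inspection would request. Returns 0 on success,
 * -1 if src plus its terminator does not fit (dst is then left empty). */
int set_name_checked(char dst[NAME_BUF_SIZE], const char *src)
{
    size_t len = strlen(src);

    if (len >= NAME_BUF_SIZE) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);  /* len + 1 copies the terminator too */
    return 0;
}

int main(void)
{
    char name[NAME_BUF_SIZE];

    /* Typical test input: the unchecked version looks correct. */
    set_name_unchecked(name, "alice");
    printf("unchecked: %s\n", name);

    /* 16 characters: one byte too many once the terminator is counted.
     * Only the checked version is called with it here. */
    printf("checked, 16 chars: %d\n",
           set_name_checked(name, "ABCDEFGHIJKLMNOP"));
    return 0;
}
```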