[plt-scheme] Why do folks implement statically typed languages?

From: Grant Rettke (grettke at acm.org)
Date: Thu May 31 16:26:58 EDT 2007

> On May 31, 2007, at 11:46 AM, Noel Welsh wrote:
>
> > Just came across this:
> >
> >  http://www.sans-ssi.org/top_three.pdf
> >
> > It lists the top 3 errors causing security holes.  They are:
> >
> > 1. Using unvalidated user input.
> > 2. Buffer overflow
> > 3. "Handling integers incorrectly"

Buffer overflows usually mean folks aren't thinking about the fact
that other folks are sending malicious data (I'm not going to touch on
the reasons for this). There are safe C functions that address this.
For example:

http://www.gratisoft.us/todd/papers/strlcpy.html


Posted on the users mailing list.
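
The bounded-copy idea the message points to, as an added example that is not part of the original post or of the linked paper's code. `bounded_copy`, `struct account` and `set_account_name` are hypothetical names. `bounded_copy` is a local reimplementation of strlcpy's semantics (copy at most size-1 bytes, always NUL-terminate, return the source length), used here on the assumption that the C library at hand may not provide strlcpy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper with strlcpy semantics: copy at most size-1 bytes,
 * NUL-terminate whenever size > 0, and return strlen(src) so the caller
 * can detect truncation (return value >= size). */
size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = (srclen < size - 1) ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

#define NAME_BUF_SIZE 16

struct account {
    char name[NAME_BUF_SIZE];
    int  is_admin;  /* adjacent field an unbounded strcpy() could overwrite */
};

/* Store an untrusted name. Returns 0 on success, -1 if it does not fit.
 * Oversized input is rejected instead of being kept in truncated form. */
int set_account_name(struct account *acct, const char *untrusted)
{
    size_t need = bounded_copy(acct->name, untrusted, sizeof acct->name);
    if (need >= sizeof acct->name) {
        acct->name[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that is too long. */
    const char *inputs[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    struct account acct = { "", 0 };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = set_account_name(&acct, inputs[i]);
        printf("len=%zu rc=%d name=\"%s\" is_admin=%d\n",
               strlen(inputs[i]), rc, acct.name, acct.is_admin);
    }
    return 0;
}
```

Checking the return value matters as much as the bounded copy itself: silent truncation of a name, path or key can be a logic bug of its own.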