What do you not want right now? A bunch of Cisco SD-WAN, Webex vulnerabilities? Here are a bunch of them

Richard 12 Silver badge

Re: "at least one being a buffer overflow"

Within the last few months I and another reviewer asked an open-source project lead to reject a PR because its API alone had a buffer overflow vulnerability - it didn't even pass the size of the buffer at all, let alone check the data fit...

The author of the PR then spent the next few weeks denying there could be a problem, and calling us trolls.

They even said that the test case was "not a valid file" and so they wouldn't fix it.

I don't know if that particular idiot works in the industry, but if they do it's pretty obvious that their professional projects will be worse...
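As an added illustration of the API flaw Richard 12 describes (example code, not from the post or the project it mentions): a record-copying function whose signature omits the destination size, beside one that takes the size and rejects records that do not fit, which also covers the "not a valid file" case of an oversized or truncated record. The one-byte-length-prefixed record format, the function names and the sample inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record format: one length byte followed by that many payload
 * bytes. The caller supplies the destination buffer in both APIs below. */

/* Shape of the API the comment describes: the destination size is never
 * passed, so nothing can check that the payload fits. Only the input bound
 * is validated; a record longer than dst overruns it. Shown for contrast. */
size_t copy_record_unchecked(const uint8_t *in, size_t in_len, char *dst)
{
    if (in_len < 1) return 0;
    size_t n = in[0];
    if (n > in_len - 1) return 0;    /* claimed length exceeds available data */
    memcpy(dst, in + 1, n);           /* dst bound unknown: overflow if n >= sizeof dst */
    dst[n] = '\0';
    return n;
}

/* Hardened form: the caller passes dst_len, and a record that would not fit
 * (or is truncated) is rejected rather than written. Returns the number of
 * bytes copied, or -1 if the record is rejected. */
int copy_record_checked(const uint8_t *in, size_t in_len,
                        char *dst, size_t dst_len)
{
    if (in == NULL || dst == NULL || in_len < 1 || dst_len < 1) return -1;
    size_t n = in[0];
    if (n > in_len - 1) return -1;   /* truncated input: not a valid record */
    if (n >= dst_len) return -1;     /* would not fit, keeping room for the NUL */
    memcpy(dst, in + 1, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample records: one that fits, one too large for the
     * 8-byte buffer, and one whose length byte exceeds the bytes present. */
    const uint8_t good[]  = {5, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t big[]   = {9, 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i'};
    const uint8_t trunc[] = {9, 'a', 'b'};
    char buf[8];

    printf("good:  %d\n", copy_record_checked(good, sizeof good, buf, sizeof buf));
    printf("big:   %d\n", copy_record_checked(big, sizeof big, buf, sizeof buf));
    printf("trunc: %d\n", copy_record_checked(trunc, sizeof trunc, buf, sizeof buf));
    return 0;
}
```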
