The Economist includes an intriguing 'print only interactive' (see the PDF) and has some tongue-in-cheek tips on how to avoid being slain:
<snip>...sit back and grow older
You're not kidding about the advice being tongue-in-cheek.
In an unrelated function I saw an array declared on the stack, getting filled up, and then a pointer to this array getting assigned to a field of an argument to this function, and then a return...
Seriously? What function?
Moving away from C just means you now have to have faith in some bytecode virtual machine's memory and buffer management. Is it a more secure approach? Maybe, but if the root complaint is putting faith in complex software, coding in Java or some
Or you could just use C++ complete with their bounds-checked containers.
All I know is the organization I work for has prohibited use of C or C++ for mission critical software for years now. The languages we use would not ALLOW code to execute which tries to copy 64K from a 2 byte sized container.
C++ has bounds-checked containers.
Still it surprises me that security software can be modified so quickly and with only one review
It's an open source project, who's going to stop them writing the code and making it available?
Unix is the worst operating system; except for all others. -- Berry Kercheval