I am affected by this bug, but can't seem to find any real place to follow it. I searched https://bugzilla.kernel.org/ but that didn't turn up anything. Anyone know where the source of truth for tracking this issue might be located?
Microsoft has problems because they employ a large number of programmers that have just recently been educated about secure programming techniques.
I believe the problem was educational institutions bracing for the impact of the dot com bubble, throwing together CS curriculum that cuts out the needs for bounds checking when moving data around memory, and then pumping students through their program.
To be honest with you, I do believe that writing code without buffer overflow vulnerabilities is an easy thing to achieve. Furthermore, if a company's programmers can't avoid them, simple checks can be placed into their compiler to throw warnings when they're detected.
With security being as important as it is today, ignoring the idea that code one authors might be insecure is plain negligence, IHMO.
There is no excuse for not being a "security-oriented programmer". There are tons of tutorials on the web. Avoiding overflows is a simple task that anyone can learn to accomplish.
Vulnerabilities that exist in OSVDB have a status and each vulnerability requires some work before we hand out the information. The vulnerabilities on the front page are the last ten vulnerabilities that have been deemed complete, and ready for general consumption.
Slashdot Mirror
I am affected by this bug, but can't seem to find any real place to follow it. I searched https://bugzilla.kernel.org/ but that didn't turn up anything. Anyone know where the source of truth for tracking this issue might be located?
From that post: "Data will only be gathered from in game. Web browsing and other profiling data is not being gathered."
What data can be collected "in game" that would be useful to advertisement in game?
"The purpose of the gathering is to determine if an ad is viewed by players."
When he says, "viewed by players" does that mean viewed in game, or with a web browser?
Microsoft has problems because they employ a large number of programmers that have just recently been educated about secure programming techniques.
I believe the problem was educational institutions bracing for the impact of the dot com bubble, throwing together CS curriculum that cuts out the needs for bounds checking when moving data around memory, and then pumping students through their program.
To be honest with you, I do believe that writing code without buffer overflow vulnerabilities is an easy thing to achieve. Furthermore, if a company's programmers can't avoid them, simple checks can be placed into their compiler to throw warnings when they're detected.
With security being as important as it is today, ignoring the idea that code one authors might be insecure is plain negligence, IHMO.
There is no excuse for not being a "security-oriented programmer". There are tons of tutorials on the web. Avoiding overflows is a simple task that anyone can learn to accomplish.
Vulnerabilities that exist in OSVDB have a status and each vulnerability requires some work before we hand out the information. The vulnerabilities on the front page are the last ten vulnerabilities that have been deemed complete, and ready for general consumption.
Check out the FAQ for more information.