- “Open Source Security: Still a Myth”
  - John Viega (co-author of Secure Programming Cookbook for C and C++)
  - O’Reilly, 9/16/04
- A few (approximate) quotes:
  - Most people look for the low-hanging fruit: straightforward instances of common problems such as buffer overflows, format string problems, and SQL injection. Less sexy risks tend to get ignored.