Philosophically Secure / Ruby vulnerabilities

Ruby vulnerabilities

There are already plenty of people talking/screaming/crying about the recent bugs found in the Ruby programming language:

Techworld
Ruby Inside
ZSFA
Matasano Chargen

The list of CVEs created to track these bugs:

CVE-2008-2662
CVE-2008-2663
CVE-2008-2725
CVE-2008-2726
CVE-2008-2664

The funny thing is, these vulnerabilities were created in the run-time implementation of Ruby, which is itself written in C. So it’s really not all that surprising, considering how hard it is to write secure, large, bug-free C programs.

Diggdel.icio.usFacebookStumbleUpon

Post a comment — Trackback URI RSS 2.0 feed for these comments This entry (permalink) was posted on Wednesday, June 25, 2008, at 20:06 by eugenekogan. Filed in development, security.

Philosophically Secure

Ruby vulnerabilities

Post a Comment

Home

Pages

Links

RSS Links

Archives

Meta

Search

Categories