Mon, 1 Mar 2004 11:05:45 +0000
Johan Peeters writes:
> At FOSDEM, we discussed how I might help to improve free Java's
> security. It seems to me that, for the edifice to be secure, the
> native layer's security is absolutely essential. I scanned the native
> directory with RATS (Rough Auditing Tool for Security -
> http://securesoftware.com) and found a few potential vulnerabilities,
> e.g. regarding the use of strcpy, fprintf, getenv and sprintf. Is
> this worth investigating further, or has it been covered?
I would have thought this very much worth investigating. However,
Classpath is used with a number of native layers, all very different.