[SC-L] Recent technical reports from the CERT Secure Coding Initiative
Jonathan Leffler
jleffler at us.ibm.com
Sun Aug 22 11:03:34 EDT 2010

Thanks for the reports, Robert.

Specifications for Managed Strings, Second Edition
Hal Burch, Fred Long, Raunak Rungta, Robert C. Seacord, & David Svoboda
CMU/SEI-2010-TR-018
This report describes a managed string library for the C programming
language. [...]
cover date: May 2010
http://www.sei.cmu.edu/library/abstracts/reports/10tr018.cfm

In the managed string library report, there's a paragraph on p5 that reads:

Most functions in this technical report include as part of their
specifications a list of runtime-constraints, which are requirements on
the program using the library. Despite its name, a runtime-constraint is
not a kind of constraint. Implementations shall verify that the
runtime-constraint for a library function are not violated by the
program

I think that the statement that a 'runtime-constraint is not a kind of
constraint' is confusing to those who do not know exactly what is intended
by the statement, and it could do with some clarification that is not given
immediately in the report. IMNSHO, at the very least there needs to be a
footnote or pointer to a glossary where the distinction between a
runtime-constraint and a constraint is explained, because otherwise it
merely sounds self-contradictory (or a bad choice of terminology).

--
Jonathan Leffler (jleffler at us.ibm.com)
STSM, Informix Database Engineering, IBM Information Management
4400 N First St, San Jose, CA 95134-1257
Tel: +1 408-956-2436 Tieline: 475-2436
"I don't suffer from insanity; I enjoy every minute of it!"