Posted May 25, 2012 10:42 UTC (Fri) by man_ls
In reply to: Trustworthy input?
Parent article: A Tale of Two Pwnies (Part 1)
A heuristic refinement of your statement would be: confine processing of user input to a specific module inside your program, and treat bugs in that module as security bugs. The remaining bugs should have lower priority (but they might also be security bugs if the input module doesn't do a good job).