Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use. That’s the conclusion of research presented last week at Black Hat Europe by IOActive’s Fernando Arnaboldi.
As Arnaboldi wrote in his Black Hat Europe paper [PDF]: “software developers may unknowingly include code in an application that can be used in a way that the designer did not foresee. Some of these behaviors pose a security risk to applications that were securely developed according to guidelines.”
Read more at The Register