Open-source team fights buffer overflows

By Robert Lemos
Staff Writer, CNET
April 11, 2003, 3:06 PM PT

The OpenBSD project hopes new changes to its latest release will eliminate "buffer overflows," a software issue that has been plaguing security experts for more than three decades.

Theo de Raadt, the project leader for the group, believes that the group's latest improvements to the Unix variant, due to be released on May 1, will make causing a buffer overflow extremely difficult, if not impossible. A buffer overflow is a memory error in software that allows an attacker to run a malicious program.

"I could say that I am killing buffer overflows, but I am in the security community, so I have to put it in quotes," he told attendees at the CanSecWest security show on Thursday.

The memory bugs have resisted extermination for almost 30 years, and de Raadt said that any claims that an open-source group has done so would need to be tested.
continued ...