Remove disclaimer about 2s complement. Update other language.
This commit is contained in:
parent
026304ac09
commit
474572948a
17
security.txt
17
security.txt
|
@ -28,10 +28,10 @@ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|||
|
||||
Like any software, there is always a possibility of failure due to a flawed
|
||||
implementation. Nevertheless a good faith effort has been made to minimize
|
||||
such flaws in Bstrlib. Also, use of Bstrlib by itself will not make an
|
||||
application secure or free from implementation failures. However, it is the
|
||||
author's conviction that use of Bstrlib can greatly facilitate the creation
|
||||
of software meeting the highest possible standards of security.
|
||||
such flaws in Bstrlib. Use of Bstrlib by itself will not make an application
|
||||
secure or free from implementation failures, however, it is the author's
|
||||
conviction that use of Bstrlib can greatly facilitate the creation of
|
||||
software meeting the highest possible standards of security.
|
||||
|
||||
Part of the reason why this document has been created, is for the purpose of
|
||||
security auditing, or the creation of further "Statements on Security" for
|
||||
|
@ -81,11 +81,6 @@ is aborted. If the memory to hold the string exceeds the available memory
|
|||
for it, again, the result is aborted without changing the prior state of the
|
||||
strings.
|
||||
|
||||
These behaviors rely on the use of 2s complement by the underlying machine
|
||||
architecture. It is unknown if these properties hold on machines that do
|
||||
not represent integers as 2s complement. It is recommended that Bstrlib be
|
||||
carefully auditted by anyone using a system which is not 2s complement based.
|
||||
|
||||
3. Constant string protection
|
||||
|
||||
Bstrlib implements runtime enforced constant and read-only string semantics.
|
||||
|
@ -217,6 +212,6 @@ Obscure issues:
|
|||
|
||||
13. Data attributes
|
||||
|
||||
There is no support for a Perl-like "taint" attribute, however, an example of
|
||||
how to do this using C++'s type system is given as an example.
|
||||
There is no support for a Perl-like "taint" attribute, although this is a
|
||||
fairly straightforward exercise using C++'s type system.
|
||||
|
||||
|
|
Loading…
Reference in New Issue