Re: Suggestion of Repositioning CWE #244

At 3:08 PM -0400 7/3/08, koo wrote:

> We suggest that CWE #244, Failure to Clear Heap Memory Before Release,

It seems to me that it would be sufficient for the operating
system to clear the memory before reallocation to a process.
Why be concerned about the state when no process can access
it ?

Is there a separate item for clearing stack memory ?  That
would seem vulnerable in the same ways.
--
Larry Kilgallen