At 8:31 AM -0400 7/7/08, Pascal Meunier wrote:
> ljknews wrote:
>> At 3:08 PM -0400 7/3/08, koo wrote:
>>
>>> We suggest that CWE #244, Failure to Clear Heap Memory Before Release,
>>
>> It seems to me that it would be sufficient for the operating
>> system to clear the memory before reallocation to a process.
>> Why be concerned about the state when no process can access
>> it ?
>>
> Can you, or should you, as the paranoid secure programmer of an
> application, trust the OS to do wipe heap memory before it passes the
> memory on to another process or even uses it itself?
On the operating system I use, absolutely.
--
Larry Kilgallen
