[ Thanks to Jan Stafford for this link. ]
“In-depth defense is a cardinal rule whenever implementing a
secure IT framework. This is especially true of environments that
operate largely dependent upon applications written using
programming languages known not to be type-safe (such as C). A
buggy application – under the right conditions and with the correct
permissions – can be leveraged to an attacker’s advantage and raises
the specter of system-wide compromise.

“Buffer overflow proofs of concept are produced with routine
regularity, demonstrating how easy it can be to leverage unsafe
coding practices into successful attacks and system
takeovers…”