One of the major disciplines in computer science is parsing/formatting. This is the process of converting the external format of data (file formats, network protocols, hardware registers) into the internal format (the data structures that software operates on).

It should be a formal computer-science discipline, because it’s actually a lot more difficult than you’d expect. That’s because the majority of vulnerabilities in software that hackers exploit are due to parsing bugs. Since programmers don’t learn about parsing formally, they figure it out for themselves, creating ad hoc solutions that are prone to bugs. For example, programmers assume external buffers cannot be larger than internal ones, leading to buffer overflows.

» Robert Graham |

Entradas relacionadas