TY  - JOUR
T1  - Cyclone: A type-safe dialect of C
JF  - C/C++ Users Journal
Y1  - 2005
A1  - Grossman, D.
A1  - Hicks, Michael W.
A1  - Jim, T.
A1  - Morrisett, G.
AB  - If any bug has achieved celebrity status, it is the buffer overflow. It made front-page news as early as 1987, as the enabler of the Morris worm, the first worm to spread through the Internet. In recent years, attacks exploiting buffer overflows have become more frequent, and more virulent. This year, for example, the Witty worm was released to the wild less than 48 hours after a buffer overflow vulnerability was publicly announced; in 45 minutes, it infected the entire world-wide population of 12,000 machines running the vulnerable programs. Notably, buffer overflows are a problem only for the C and C++ languages—Java and other “safe” languages have built-in protection against them. Moreover, buffer overflows appear in C programs written by expert programmers who are security conscious—programs such as OpenSSH, Kerberos, and the commercial intrusion detection programs that were the target of Witty. This is bad news for C. If security experts have trouble producing overflow-free C programs, then there is not much hope for ordinary C programmers. On the other hand, programming in Java is no panacea; for certain applications, C has no competition. From a programmer’s point of view, all the safe languages are about the same, while C is a very different beast.
VL  - 23
CP  - 1
ER  - 