Boost Users :

Subject: [Boost-users] Dealing with resistance to Boost
From: hano botha (hanobotha_at_[hidden])
Date: 2012-07-11 12:02:00

• Next message: Nat Linden: "Re: [Boost-users] [asio] asynchronous reading/writing to the tcp stream"
• Previous message: Ovanes Markarian: "Re: [Boost-users] [asio] asynchronous reading/writing to the tcp stream"
• Next in thread: Sebastian Redl: "Re: [Boost-users] Dealing with resistance to Boost"
• Reply: Sebastian Redl: "Re: [Boost-users] Dealing with resistance to Boost"
• Reply: Paul A. Bristow: "Re: [Boost-users] Dealing with resistance to Boost"

I am trying to get my organisation to use Boost.

I have managed to get it included in source control and we have permission
to use it in our unit testing.

The main objection to using it in our production code is that it could be a
potential security risk.

I suggested that we restrict the usage of boost to the template\ headers
only libraries. I don't see how the templates in boost can cause more of a
security risk than what we have currently with the STL.

My question is: How is vulnerabilities in the library dealt with? How is
new vulnerabilities communicated to the user's community?

I would also like to know historically, how many and how often
were vulnerabilities discovered?

Any good references would be great.

Thanks,

• text/html attachment: attachment

• Next message: Nat Linden: "Re: [Boost-users] [asio] asynchronous reading/writing to the tcp stream"
• Previous message: Ovanes Markarian: "Re: [Boost-users] [asio] asynchronous reading/writing to the tcp stream"
• Next in thread: Sebastian Redl: "Re: [Boost-users] Dealing with resistance to Boost"
• Reply: Sebastian Redl: "Re: [Boost-users] Dealing with resistance to Boost"
• Reply: Paul A. Bristow: "Re: [Boost-users] Dealing with resistance to Boost"

Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net