The flaws found this year in OpenSSL, Bash, strings and now wget and tnftp indicate a trend of new bugs being found in old code, said Rob VandenBrink, an incident handler at the SANS Internet Storm Center, in a blog post Thursday. "Coders who wrote stuff in C back in the day didn't always write code that knew how much was too much of a good thing. Now that we're all looking at problems with bounds checking on input data, expect to see at least a couple more of these!"
The danger is that these flaws are found in utilities that a lot of people use every day. As VandenBrink puts it, they "are part of our standard, trusted toolkit."