diff options
| author | Alex Stapleton <alexs@prol.etari.at> | 2014-03-24 10:03:26 +0000 |
|---|---|---|
| committer | Alex Stapleton <alexs@prol.etari.at> | 2014-03-24 10:03:26 +0000 |
| commit | da4e0fa7a3dd53d3b81b655d0a3c0078063ab320 (patch) | |
| tree | f563ba2e4a08a8b6d518f36e8f52548db5e6b705 /docs/limitations.rst | |
| parent | 1977a605c5ac83dce0e717ca37f99eab48b73ada (diff) | |
| download | cryptography-da4e0fa7a3dd53d3b81b655d0a3c0078063ab320.tar.gz cryptography-da4e0fa7a3dd53d3b81b655d0a3c0078063ab320.tar.bz2 cryptography-da4e0fa7a3dd53d3b81b655d0a3c0078063ab320.zip | |
Add citation for being a low risk issue
Diffstat (limited to 'docs/limitations.rst')
| -rw-r--r-- | docs/limitations.rst | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/docs/limitations.rst b/docs/limitations.rst index 3b6cce2a..3028e7c8 100644 --- a/docs/limitations.rst +++ b/docs/limitations.rst @@ -10,7 +10,10 @@ has some kind of local user access or because of how other software uses uninitialized memory. Python exposes no API for us to implement this reliably and as such most -software in Python is vulnerable to this attack. However we do not currently -believe this to be particularly high risk issue for most users. +software in Python is vulnerable to this attack. However the +`CERT secure coding guidelines`_ categorise this issue as "low severity, +unlikely, expensive to repair" and we do not consider this a high risk for most +users. .. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx +.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/seccode/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources |