...
should we delete FIO43 and move something into its place (like FIO46)? it seems to me like the issue is mostly a string problem, and only a FIO issue because of i/o's heavy relience on strings... -alexv 5/14
sure looks like we should get rid of FIO43. It does appear to be almost identical to STR35-C except STR35-C seems to be fixed up a little more in some places. i recommend moving to the void, and then back filling with FIO46-C. Temporary files must be dealt with in a secure manner as you suggest.
One further problem, a bunch of FIO rules are labeled "fio", meaning they show up on the cross reference for the FIO section. i think the solution is to remove the fio tags from any FIO rules. - rCs
...
The Risk Assessment Summary tables for each section need to be updated (they are out of date with the actual rules). - I got as far as EXP07, which still has the risk assessment for EXP10
...