Add citation for being a low risk issue

commit: da4e0fa7a3dd53d3b81b655d0a3c0078063ab320 [log] [tgz]
author: Alex Stapleton <alexs@prol.etari.at> Mon Mar 24 10:03:26 2014 +0000
committer: Alex Stapleton <alexs@prol.etari.at> Mon Mar 24 10:03:26 2014 +0000
tree: f563ba2e4a08a8b6d518f36e8f52548db5e6b705
parent: 1977a605c5ac83dce0e717ca37f99eab48b73ada [diff] [blame]
diff --git a/docs/limitations.rst b/docs/limitations.rst
index 3b6cce2..3028e7c 100644
--- a/docs/limitations.rst
+++ b/docs/limitations.rst

@@ -10,7 +10,10 @@
 uninitialized memory.
 
 Python exposes no API for us to implement this reliably and as such most
-software in Python is vulnerable to this attack. However we do not currently
-believe this to be particularly high risk issue for most users.
+software in Python is vulnerable to this attack. However the
+`CERT secure coding guidelines`_ categorise this issue as "low severity,
+unlikely, expensive to repair" and we do not consider this a high risk for most
+users.
 
 .. _`Memory wiping`:  http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx
+.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/seccode/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
commit	da4e0fa7a3dd53d3b81b655d0a3c0078063ab320	[log] [tgz]
author	Alex Stapleton <alexs@prol.etari.at>	Mon Mar 24 10:03:26 2014 +0000
committer	Alex Stapleton <alexs@prol.etari.at>	Mon Mar 24 10:03:26 2014 +0000
tree	f563ba2e4a08a8b6d518f36e8f52548db5e6b705
parent	1977a605c5ac83dce0e717ca37f99eab48b73ada [diff] [blame]