Problem
If you were to train developers on how to look for and address buffer overflow vulnerabilities in their code, what steps would you take and why would you take them? Also, how would you overcome objections from developers who claim that the buffer overflow vulnerabilities reported in vulnerability scan results are false positives?