RE: Programming

["Ernest Nelson" <juridian () juridian com>]

Most languages don't teach bad habits, bad references and teachers do.  You
can learn to write bad cobol just as easily as you can learn bad perl, c, or
vb.

"The Practice of Programming" is a good place to start learning how to write
better code.  -
http://www.amazon.com/exec/obidos/tg/detail/-/020161586X/qid=1108415608/sr=8
-1/ref=pd_bbs_1/104-3983269-4991158?v=glance&s=books&n=507846



-----Original Message-----
From: David J ONEILL [mailto:David.J.Oneill () state or us] 
Sent: Friday, February 11, 2005 2:51 PM
To: security-basics () securityfocus com
Subject: Re: Programming

Sorry, my understand was that the "guy" wanted to learn a language the
would help him see the security pitfalls in programming production code
... if I was wrong, my mistake.  So, no I was not joking.

The problem with "modern languages" (Java, C#, Python, Ruby, VBScript,
...) is that they do not enforce any structured programming techniques. 
They let the developer write the code any way they want, which install
real bad habits (like redefining a data element into whatever data type
fits as many times as they want ... just try tracing a program written
like this.)  If you want to know what kind of security vulnerabilities
exist in the real world of professional programming (as opposed to the
script kiddy world) one should explore languages used in major computer
systems.  Like it or not, in most large systems, the production code is
COBOL.

As I said before, I am a professional JAVA developer ... but I am sure
glad that I started out with a more structured and human readable
language.  The future of COBOL, well you should have done some checking
before popping that question (Object Oriented COBOL is the current
version, and it is strongly supported.)

I'm ready ... throw the next flaming arrow

David J O'Neill
Senior Systems Analyst
State of Oregon
Department of Human Services
Office of Information Services
PH# 503.378.2101 ext. 280
email david.j.oneill () state or us