Security Basics mailing list archives
RE: Programming
From: "Ernest Nelson" <juridian () juridian com>
Date: Mon, 14 Feb 2005 13:16:00 -0800
Most languages don't teach bad habits; bad references and teachers do. You can learn to write bad COBOL just as easily as you can learn bad Perl, C, or VB.

"The Practice of Programming" is a good place to start learning how to write better code. - http://www.amazon.com/exec/obidos/tg/detail/-/020161586X/qid=1108415608/sr=8-1/ref=pd_bbs_1/104-3983269-4991158?v=glance&s=books&n=507846

-----Original Message-----
From: David J ONEILL [mailto:David.J.Oneill () state or us]
Sent: Friday, February 11, 2005 2:51 PM
To: security-basics () securityfocus com
Subject: Re: Programming

Sorry, my understanding was that the "guy" wanted to learn a language that would help him see the security pitfalls in programming production code ... if I was wrong, my mistake.

So, no, I was not joking. The problem with "modern languages" (Java, C#, Python, Ruby, VBScript, ...) is that they do not enforce any structured programming techniques. They let the developer write the code any way they want, which instills real bad habits (like redefining a data element into whatever data type fits as many times as they want ... just try tracing a program written like this.)

If you want to know what kind of security vulnerabilities exist in the real world of professional programming (as opposed to the script kiddy world) one should explore languages used in major computer systems. Like it or not, in most large systems, the production code is COBOL.

As I said before, I am a professional JAVA developer ... but I am sure glad that I started out with a more structured and human readable language.

The future of COBOL, well you should have done some checking before popping that question (Object Oriented COBOL is the current version, and it is strongly supported.)

I'm ready ... throw the next flaming arrow

David J O'Neill
Senior Systems Analyst
State of Oregon
Department of Human Services
Office of Information Services
PH# 503.378.2101 ext. 280
email david.j.oneill () state or us