Secure Coding mailing list archives
Re: Anyone looked at security features of D programming language compared to Spark?
From: Crispin Cowan <crispin () immunix com>
Date: Mon, 26 Apr 2004 21:38:57 +0100
Blue Boar wrote: Crispin Cowan wrote: Dynamic type checking (or any kind of run-time fail-stop checking) enhances security (attacks are halted) but degrades reliability (processes that might live with a harmlessly inconsistent state may be halted). Degrades reliability of a "correct" program? Or only degrades reliability of a program with bugs, harmless or not? The latter. Run-time fault checks will never go off if the program does not have faults. If it's the latter, I would assume QA would want to see the latter, so the bug could be squashed. I'm assuming, of course, that one wants to also squash "harmless" bugs. QA will want to squash the bugs it sees. Run-time fault checking helps find *some* of those bugs, if QA checks the code paths that expose those bugs. Static type checking, OTOH, finds latent bugs that no one thought to check for, at the cost of not finding some bugs that are statically undecidable. Using both is of course the safest. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com Immunix 7.3 http://www.immunix.com/shop/
Current thread:
- Re: Anyone looked at security features of D programming language compared to Spark? Gary McGraw (Apr 22)
- Re: Anyone looked at security features of D programming language compared to Spark? Jim & Mary Ronback (Apr 23)
- Re: Anyone looked at security features of D programming language compared to Spark? Crispin Cowan (Apr 26)
- RE: Anyone looked at security features of D programming language compared to Spark? Michael Canty (Apr 26)
- Re: Anyone looked at security features of D programming language compared to Spark? Blue Boar (Apr 26)
- Re: Anyone looked at security features of D programming language compared to Spark? Crispin Cowan (Apr 26)
- Re: Anyone looked at security features of D programming language compared to Spark? Crispin Cowan (Apr 26)
- Re: Anyone looked at security features of D programming language compared to Spark? Jim & Mary Ronback (Apr 23)