Secure Coding mailing list archives
Re: ACM Queue article and security education
From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 01 Jul 2004 19:49:13 +0100
Peter Amey wrote: There are languages which are more suitable for the construction of high-integrity systems and have been for years. We could have adopted Modula-2 back in the 1980s, people could take the blinkers of prejudice off and look properly at Ada. Yet we continue to use C-derived languages with known weaknesses. So we trade the known problems for a set of unknown ones? It might be appropriate to do so; C may be "broken" enough that it's better to go for an unknown with a design that allows for a possible correct implementation. I keep thinking of Java, for example. It's a good paper design for security purposes (I'll leave functionality alone for now.) But there are still all the issues with the VM implementation and libraries to deal with. Language X may very well be a much better starting point, I don't know. I do believe that it will never be properly looked at until the whole world starts using it for everything, though. BB
Current thread:
- Re: ACM Queue article and security education George Capehart (Jun 30)
- <Possible follow-ups>
- RE: ACM Queue article and security education Michael Canty (Jul 01)
- RE: ACM Queue article and security education Peter Amey (Jul 01)
- Re: ACM Queue article and security education Blue Boar (Jul 01)
- RE: ACM Queue article and security education Michael S Hines (Jul 01)
- Re: ACM Queue article and security education ljknews (Jul 01)
- Re: ACM Queue article and security education Blue Boar (Jul 01)
- Re: ACM Queue article and security education ljknews (Jul 02)
- Re: ACM Queue article and security education Blue Boar (Jul 01)
- Re: ACM Queue article and security education Blue Boar (Jul 02)