Secure Coding mailing list archives
RE: ACM Queue article and security education
From: "Michael S Hines" <mshines () purdue edu>
Date: Thu, 01 Jul 2004 21:05:27 +0100
I can just see an OS go into a wait state now while the VM/.NET or whatever does garbage collection; and the delays while the intermediate code is turned into executable code by the loaders. Not! HLL have given us portability (witness - *nix) but at some price of performance. The HW development has outpaced SW development - to the tune where we hardly notice the performance hit at all. After all, now fast can one person type (grin)? It's always a trade off... HW/SW. Mike Hines ----------------------------------- Michael S Hines [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blue Boar Sent: Thursday, July 01, 2004 11:11 AM To: Peter Amey Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] ACM Queue article and security education Peter Amey wrote:
There are languages which are more suitable for the construction of high-integrity systems and have been for years. We could have adopted Modula-2 back in the 1980s, people could take the blinkers of prejudice off and look properly at Ada. Yet we continue to use C-derived languages with known weaknesses.
So we trade the known problems for a set of unknown ones? It might be appropriate to do so; C may be "broken" enough that it's better to go for an unknown with a design that allows for a possible correct implementation. I keep thinking of Java, for example. It's a good paper design for security purposes (I'll leave functionality alone for now.) But there are still all the issues with the VM implementation and libraries to deal with. Language X may very well be a much better starting point, I don't know. I do believe that it will never be properly looked at until the whole world starts using it for everything, though. BB
Current thread:
- Re: ACM Queue article and security education George Capehart (Jun 30)
- <Possible follow-ups>
- RE: ACM Queue article and security education Michael Canty (Jul 01)
- RE: ACM Queue article and security education Peter Amey (Jul 01)
- Re: ACM Queue article and security education Blue Boar (Jul 01)
- RE: ACM Queue article and security education Michael S Hines (Jul 01)
- Re: ACM Queue article and security education ljknews (Jul 01)
- Re: ACM Queue article and security education Blue Boar (Jul 01)
- Re: ACM Queue article and security education ljknews (Jul 02)
- Re: ACM Queue article and security education Blue Boar (Jul 01)
- Re: ACM Queue article and security education Blue Boar (Jul 02)