Secure Coding mailing list archives
Re: ACM Queue article and security education
From: Blue Boar <BlueBoar () thievco com>
Date: Fri, 02 Jul 2004 00:12:08 +0100
ljknews wrote: I think it will be properly considered when the most strict portion of the software world is using language X. I have used many programs where the flaws in the program make it clear that I care not one whit about whether the authors of that program have opinion about anything I might use. They are simply not competent, either as individuals or else as an organization. By "most strict portion", do you mean people that care most about correct code, proofs, and such? I don't deny that the bulk of the heavy lifting will be done by people well-qualified to do so. However, I'm of the school of thought that certain types of people who like to break things, and whose chief skill is breaking things, will always have a decent shot at finding a problem. There are people who couldn't build it, but they can sure break it. You don't typically get their attention until something is really, really popular. So yes, you can write your stuff in Language X, and assume it's secure. It might not actually be until the whole world has had its way with Language X, but (hopefully) that's not a problem. You can still do the dance of patching the last 5 problems in Language X, and end up better off that if you'd just used C. Even Knuth has to write checks ocassionally, and he does a lot of proof work, doesn't he? So, if Language X only has 5 problems total, even if it takes years to ferret them out, butthey are fixable, please proceed with getting the whole world to use Language X. BB
Current thread:
- Re: ACM Queue article and security education George Capehart (Jun 30)
- <Possible follow-ups>
- RE: ACM Queue article and security education Michael Canty (Jul 01)
- RE: ACM Queue article and security education Peter Amey (Jul 01)
- Re: ACM Queue article and security education Blue Boar (Jul 01)
- RE: ACM Queue article and security education Michael S Hines (Jul 01)
- Re: ACM Queue article and security education ljknews (Jul 01)
- Re: ACM Queue article and security education Blue Boar (Jul 01)
- Re: ACM Queue article and security education ljknews (Jul 02)
- Re: ACM Queue article and security education Blue Boar (Jul 01)
- Re: ACM Queue article and security education Blue Boar (Jul 02)