Secure Coding mailing list archives
re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet]
From: crispin at novell.com (Crispin Cowan)
Date: Tue, 24 Oct 2006 12:30:44 -0700
Gergely Buday wrote:
> Larry Kilgallen wrote:
>> Is there participation on this list from the (hopefully larger number of) CMU instructors who are teaching people to use safer languages in the first place?
>
> May anybody not from CMU enter the discussion about safer languages? ;-)
>
> I'm in favor of SML, as it has a number of implementations (some of them comparable to C in speed) and a formal definition ("well-typed programs do not go wrong") + a standard library.

SML is a nice & clean type safe language, and I don't mean to criticize it. However, if the goal is to be able to use industry-popular languages that are safe, it seems to me that we have entered a bright new phase of history. Python, Ruby, Java, and C# are all broadly popular in industry, and are all type safe. Java and C# are statically type safe. So why not use them?

For me, the enemy in the room is C++. It gives you the safety of C with the performance of SmallTalk. There is no excuse at all to be writing anything in C++ yet vastly too many applications are written in C++ anyway.

Instead of trying to coax developers to switch from C++ to something "weird" like SML, let's encourage them to switch to Java or C#, which are closer to their experience.

Sure, there are likely to be ways in which SML is better than C# or Java. However, in security, the perfect is all too often the enemy of the good-enough. The big community hears security people talk about the high security approach that security geeks really want, consider the costs, and go back to doing things the old way, and ignore the security people. If security people instead pitch something that is feasible and makes the situation better, instead of asking for the moon, we will make more progress.

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Hack: adroit engineering solution to an unanticipated problem
Hacker: one who is adroit at pounding round pegs into square holes