| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: full-disclosure at royds.net (Bill Royds) Subject: automated vulnerability testing Only a good programmer can write safe C. Most programmers are not good programmers. Therefore most C code is not safe and should not be trusted. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Peter Moody Sent: November 29, 2003 12:52 PM To: full-disclosure@...ts.netsys.com Subject: RE: [Full-Disclosure] automated vulnerability testing > your programmer must be perfect to guarantee security. C is best used for > low level programming where one needs to be close to the hardware > (programming in the small). It is not good for large applications where > modularity and flexibility are more important ( programming in the large). and for large applications where the programmer needs to be close to the hardware (programming in the?). like the 3.5 million lines of C code that comprise the linux kernel... I'm sick of lazy programmers who keep complaining how C doesn't hold your hand VB or some crap. The language does not the coder make. A good programmer will be able to make lisp, C, smalltalk (etc. etc.) do what they need it to. -- Peter Moody <peter@...c.edu> Information Security Administrator 831/459.5409 Communications and Technology Services. UC, Santa Cruz. http://security.ucsc.edu/pgp/peter.moody.pub :wq
Powered by blists - more mailing lists