| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: devdas at dvb.homelinux.org (Devdas Bhagat) Subject: automated vulnerability testing On 29/11/03 12:30 -0800, Chris Adams wrote: > On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote: > > Bill Royds wrote: > >> If you are truly interested in security, you won't use C as the > >> programming language. > > You must be shitting me.. C does have its inherent flaws but that > > doesn't > > mean that there cannot be a secure application written in C. This > > statement > > represents FUD at its highest level. > > Name a single non-trivial application written in C which has not had at > least one of the classic C security problems. Qmail? DJBDNS? > That's why we need different languages: even if you're one of the > extraordinarily small number of programmers who can write C without > bugs, there's abundant evidence that the average C programmer cannot be > trusted to do so. No one is objecting to using more than one language. But saying that those who are interested in secure coding will not use C is too much of a blanket statement. Is C the right language where the programmer needs control? yes. Is it right for operating systems? Yes. Is it right for the next graphical singing and dancing paper clip supported application? Not necessarily. > The other problem is productivity - C programmers have to write > significantly more code to produce equivalent functionality which both Depending on what functionality is needed, what the operating conditions are and what the budgetary constraints are, as well as what the programmer is skilled in, the answer depends. Devdas Bhagat
Powered by blists - more mailing lists