| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: chris at improbable.org (Chris Adams) Subject: Re: automated vulnerability testing > On 29/11/03 12:30 -0800, Chris Adams wrote: > > On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote: > > > Bill Royds wrote: > > >> If you are truly interested in security, you won't use C as the > > >> programming language. > > > You must be shitting me.. C does have its inherent flaws but that > > > doesn't > > > mean that there cannot be a secure application written in C. This > > > statement > > > represents FUD at its highest level. > > > > Name a single non-trivial application written in C which has not had > at > > least one of the classic C security problems. > > Qmail? DJBDNS? Again, the fact that we're talking about a couple programs written by one guy suggests that C should not be considered a general purpose language - DJB represents a very small percentage of the C programming populace. There are very, very few situations where you must use C - low-level hardware access just isn't that common any more, even for the traditional areas like embedded systems or games - and the fact that it's hard to write C properly suggests that it should be reserved for the few situations where it's a necessity: even there, it makes sense to use a high-level language to call a few functions written in C. Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2369 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031201/1a6bbb8e/smime.bin
Powered by blists - more mailing lists