[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031129200916.OVTI317816.fep04-mail.bloor.is.net.cable.rogers.com@BillDell>
From: full-disclosure at royds.net (Bill Royds)
Subject: automated vulnerability testing
Only a good programmer can write safe C.
Most programmers are not good programmers.
Therefore most C code is not safe and should not be trusted.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Peter Moody
Sent: November 29, 2003 12:52 PM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] automated vulnerability testing
> your programmer must be perfect to guarantee security. C is best used for
> low level programming where one needs to be close to the hardware
> (programming in the small). It is not good for large applications where
> modularity and flexibility are more important ( programming in the large).
and for large applications where the programmer needs to be close to the
hardware (programming in the?). like the 3.5 million lines of C code
that comprise the linux kernel...
I'm sick of lazy programmers who keep complaining how C doesn't hold
your hand VB or some crap. The language does not the coder make. A
good programmer will be able to make lisp, C, smalltalk (etc. etc.) do
what they need it to.
--
Peter Moody <peter@...c.edu>
Information Security Administrator 831/459.5409
Communications and Technology Services. UC, Santa Cruz.
http://security.ucsc.edu/pgp/peter.moody.pub
:wq
Powered by blists - more mailing lists