| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <D3A5435B-22AA-11D8-8C2E-000A95703418@improbable.org> From: chris at improbable.org (Chris Adams) Subject: automated vulnerability testing On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote: > Bill Royds wrote: >> If you are truly interested in security, you won't use C as the >> programming language. > You must be shitting me.. C does have its inherent flaws but that > doesn't > mean that there cannot be a secure application written in C. This > statement > represents FUD at its highest level. Name a single non-trivial application written in C which has not had at least one of the classic C security problems. That's why we need different languages: even if you're one of the extraordinarily small number of programmers who can write C without bugs, there's abundant evidence that the average C programmer cannot be trusted to do so. The other problem is productivity - C programmers have to write significantly more code to produce equivalent functionality which both increases the opportunity for errors and decreases the time available to find and fix those errors, identify design oversights, etc. Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2369 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031129/a30beb83/smime.bin
Powered by blists - more mailing lists