lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <DC767862-2439-11D8-AFDF-000A95703418@improbable.org>
From: chris at improbable.org (Chris Adams)
Subject: Re: automated vulnerability testing

> On 29/11/03 12:30 -0800, Chris Adams wrote:
> > On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote:
> > > Bill Royds wrote:
> > >> If you are truly interested in security, you won't use C as the
> > >> programming language.
> > > You must be shitting me.. C does have its inherent flaws but that
> > > doesn't
> > > mean that there cannot be a secure application written in C. This
> > > statement
> > > represents FUD at its highest level.
> >
> > Name a single non-trivial application written in C which has not had 
> at
> > least one of the classic C security problems.
>
> Qmail? DJBDNS?

Again, the fact that we're talking about a couple programs written by 
one guy suggests that C should not be considered a general purpose 
language - DJB represents a very small percentage of the C programming 
populace. There are very, very few situations where you must use C - 
low-level hardware access just isn't that common any more, even for the 
traditional areas like embedded systems or games - and the fact that 
it's hard to write C properly suggests that it should be reserved for 
the few situations where it's a necessity: even there, it makes sense 
to use a high-level language to call a few functions written in C.

Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2369 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031201/1a6bbb8e/smime.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ