Full Disclosure mailing list archives
RE: automated vulnerability testing
From: "Bill Royds" <full-disclosure () royds net>
Date: Sat, 29 Nov 2003 15:11:02 -0500
Only a good programmer can write safe C. Most programmers are not good programmers. Therefore most C code is not safe and should not be trusted. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Peter Moody Sent: November 29, 2003 12:52 PM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] automated vulnerability testing
your programmer must be perfect to guarantee security. C is best used for low level programming where one needs to be close to the hardware (programming in the small). It is not good for large applications where modularity and flexibility are more important ( programming in the large).
and for large applications where the programmer needs to be close to the hardware (programming in the?). like the 3.5 million lines of C code that comprise the linux kernel... I'm sick of lazy programmers who keep complaining how C doesn't hold your hand VB or some crap. The language does not the coder make. A good programmer will be able to make lisp, C, smalltalk (etc. etc.) do what they need it to. -- Peter Moody <peter () ucsc edu> Information Security Administrator 831/459.5409 Communications and Technology Services. UC, Santa Cruz. http://security.ucsc.edu/pgp/peter.moody.pub :wq _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: automated vulnerability testing, (continued)
- Re: automated vulnerability testing madsaxon (Nov 21)
- Re: automated vulnerability testing fulldisclosure (Nov 21)
- RE: automated vulnerability testing Josh Daymont (Nov 21)
- automated vulnerability testing fulldisclosure (Nov 28)
- RE: automated vulnerability testing Bill Royds (Nov 28)
- RE: automated vulnerability testing Todd Burroughs (Nov 29)
- RE: automated vulnerability testing Bill Royds (Nov 28)
- automated vulnerability testing Choe.Sung Cont. PACAF CSS/SCHP (Nov 29)
- Re: automated vulnerability testing Todd Burroughs (Nov 29)
- RE: automated vulnerability testing Bill Royds (Nov 29)
- RE: automated vulnerability testing Peter Moody (Nov 29)
- RE: automated vulnerability testing Bill Royds (Nov 29)
- Re: automated vulnerability testing Michael Gale (Nov 29)
- Re: automated vulnerability testing Frank Knobbe (Nov 29)
- Re: automated vulnerability testing Gadi Evron (Nov 29)
- Re: automated vulnerability testing Valdis . Kletnieks (Nov 29)
- Re: automated vulnerability testing Jonathan A. Zdziarski (Nov 30)
- Re: automated vulnerability testing Nick FitzGerald (Nov 30)
- Re: automated vulnerability testing Jonathan A. Zdziarski (Nov 30)
- Re: automated vulnerability testing Valdis . Kletnieks (Nov 29)
- Re: automated vulnerability testing Devdas Bhagat (Nov 29)