Full Disclosure mailing list archives

RE: automated vulnerability testing


From: "Bill Royds" <full-disclosure () royds net>
Date: Sat, 29 Nov 2003 15:11:02 -0500

Only a good programmer can write safe C.
Most programmers are not good programmers.
Therefore most C code is not safe and should not be trusted.


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Peter Moody
Sent: November 29, 2003 12:52 PM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] automated vulnerability testing

your programmer must be perfect to guarantee security. C is best used for
low level programming where one needs to be close to the hardware
(programming in the small). It is not good for large applications where
modularity and flexibility are more important (programming in the large).

and for large applications where the programmer needs to be close to the
hardware (programming in the?).  like the 3.5 million lines of C code
that comprise the linux kernel...

I'm sick of lazy programmers who keep complaining how C doesn't hold
your hand like VB or some crap.  The language does not the coder make.  A
good programmer will be able to make lisp, C, smalltalk (etc. etc.) do
what they need it to.

-- 
Peter Moody                             <peter () ucsc edu>
Information Security Administrator      831/459.5409
Communications and Technology Services. UC, Santa Cruz.
http://security.ucsc.edu/pgp/peter.moody.pub
:wq

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

