Secure Coding mailing list archives
RE: Programming languages -- the "third rail" of secure
From: Nick Lothian <nl () essential com au>
Date: Sun, 01 Aug 2004 19:29:06 +0100
IMHO, though, any such effort is pointless. The reality isthat we're goingto be stuck with C/C++, Java, C#, FORTRAN, COBOL, and various interpreted/scripting languages for a very long time.Rather than argueabout what makes something good/better, we'd be better offfiguring out howto use them more effectively.The problem is that some people persist in using less-safe languages for new code. When put into a discussion (here) with those who say "Use the best tool", a non-conversation takes place. If the list were retitled to be "Secure Coding in Unsupportive Languages" or "Secure Coding with Approprate Languages" then half of us would leave and the rest could actually conduct a discussion. -- Larry Kilgallen
What are peoples opinions of the languages listed above? Would I be overly controversial in saying: C/C++: Unsafe (for most people) Java/C#: Reasonably safe (both provide protection against buffer overflows, are type safe and provide built-in security mechanisms) FORTRAN/COBOL: Don't know - my impression is that COBOL is fairly safe Scripting Languages: Depends on the language. Lack of type safety can be a problem, but on the other hand they are usually safe from buffer overflows and the fact they you can do a lot more in fewer lines of code can make the code safer by making errors more obvious. Are there other languages in widespread use (ie, the language must be used more than - say - Python) that are safer than those listed above? Nick
Current thread:
- RE: Programming languages -- the "third rail" of secure Nick Lothian (Aug 01)
- RE: Programming languages -- the "third rail" of secure coding ljknews (Aug 01)
- Re: Programming languages -- the "third rail" of secure Crispin Cowan (Aug 06)