Full Disclosure mailing list archives
Re: automated vulnerability testing
From: Chris Adams <chris () improbable org>
Date: Sat, 29 Nov 2003 12:30:09 -0800
On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote:
> Bill Royds wrote:
>> If you are truly interested in security, you won't use C as the programming language.
>
> You must be shitting me.. C does have its inherent flaws but that doesn't mean that there cannot be a secure application written in C. This statement represents FUD at its highest level.
Name a single non-trivial application written in C which has not had at least one of the classic C security problems.
That's why we need different languages: even if you're one of the extraordinarily small number of programmers who can write C without bugs, there's abundant evidence that the average C programmer cannot be trusted to do so.
The other problem is productivity - C programmers have to write significantly more code to produce equivalent functionality, which both increases the opportunity for errors and decreases the time available to find and fix those errors, identify design oversights, etc.
Chris