Full Disclosure mailing list archives
Re: automated vulnerability testing
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sun, 30 Nov 2003 02:31:23 +0530
On 29/11/03 12:30 -0800, Chris Adams wrote:
On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote:Bill Royds wrote:If you are truly interested in security, you won't use C as the programming language.You must be shitting me.. C does have its inherent flaws but that doesn't mean that there cannot be a secure application written in C. This statement represents FUD at its highest level.Name a single non-trivial application written in C which has not had at least one of the classic C security problems.
Qmail? DJBDNS?
That's why we need different languages: even if you're one of the extraordinarily small number of programmers who can write C without bugs, there's abundant evidence that the average C programmer cannot be trusted to do so.
No one is objecting to using more than one language. But saying that those who are interested in secure coding will not use C is too much of a blanket statement. Is C the right language where the programmer needs control? yes. Is it right for operating systems? Yes. Is it right for the next graphical singing and dancing paper clip supported application? Not necessarily.
The other problem is productivity - C programmers have to write significantly more code to produce equivalent functionality which both
Depending on what functionality is needed, what the operating conditions are and what the budgetary constraints are, as well as what the programmer is skilled in, the answer depends. Devdas Bhagat _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: automated vulnerability testing, (continued)
- RE: automated vulnerability testing Bill Royds (Nov 29)
- Re: automated vulnerability testing Michael Gale (Nov 29)
- Re: automated vulnerability testing Frank Knobbe (Nov 29)
- Re: automated vulnerability testing Gadi Evron (Nov 29)
- Re: automated vulnerability testing Valdis . Kletnieks (Nov 29)
- Re: automated vulnerability testing Jonathan A. Zdziarski (Nov 30)
- Re: automated vulnerability testing Nick FitzGerald (Nov 30)
- Re: automated vulnerability testing Jonathan A. Zdziarski (Nov 30)
- Re: automated vulnerability testing Valdis . Kletnieks (Nov 29)
- Re: automated vulnerability testing Devdas Bhagat (Nov 29)