Full Disclosure mailing list archives
Re: automated vulnerability testing
From: Darren Reed <avalon () caligula anu edu au>
Date: Mon, 1 Dec 2003 06:48:02 +1100 (Australia/ACT)
In some mail from Choe.Sung Cont. PACAF CSS/SCHP, sie said:
Bill Royds wrote:If you are truly interested in security, you won't use C as theprogramminglanguage.You must be shitting me.. C does have its inherent flaws but that doesn't mean that there cannot be a secure application written in C. This statement represents FUD at its highest level.
In a sense, he is right. The effort you need to go to with C in order to code "securely" is obscene. Programming should evolve to a point where programmers don't need to worry about crap like that unless they're writing bootstrap code for an OS loader (or similar). Sooner or later, C needs to become obsolete. That aside, I can program more easily and securely in Java than I can with C, any time. The "more securely" comes from it being easier to understand by others as much as anything else. Darren _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: automated vulnerability testing, (continued)
- Re: automated vulnerability testing Michael Gale (Nov 29)
- Re: automated vulnerability testing Frank Knobbe (Nov 29)
- Re: automated vulnerability testing Gadi Evron (Nov 29)
- Re: automated vulnerability testing Valdis . Kletnieks (Nov 29)
- Re: automated vulnerability testing Jonathan A. Zdziarski (Nov 30)
- Re: automated vulnerability testing Nick FitzGerald (Nov 30)
- Re: automated vulnerability testing Jonathan A. Zdziarski (Nov 30)
- Re: automated vulnerability testing Valdis . Kletnieks (Nov 29)
- Re: automated vulnerability testing Devdas Bhagat (Nov 29)