Re: Coding securely, was Linux (in)security

[Valdis.Kletnieks () vt edu]

On Sun, 26 Oct 2003 23:07:18 EST, Bill Royds <full-disclosure () royds net>  said:

> such as OpenSSH has been found to have security problems. If you look at
> security advisories, find out how many come from Ada  code. C makes it hard
> to write secure code.

I wasn't aware there was enough of a code base of actual Ada programs out in
the wild for there to be statistically valid results. I gave up on any
prospects of Ada when the DoD dropped the requirement that the compiler and
runtime support libraries pass the test suite for exception handling because
otherwise *no* compilers would validate.  Given this, and the truly huge and
byzantine nature of the *rest* of the language, I'm not convinced that Ada was
actually any good for writing *secure* code.

Think about how many programs have had bugs because programmers didn't
understand how *their particular* C++ compiler (in the current version, as
opposed to the version 6 months ago) handled constructors, and consider that
Ada was even worse.  True, it may have been safe against simple buffer
overflows, but a breeding ground for more subtle bugs caused by
misunderstanding the semantics of *all* the language features.

Attachment: _bin
Description: