Secure Coding mailing list archives

Re: The right tool for the right job, quit beating on the C language


From: ljknews <ljknews () mac com>
Date: Mon, 15 Dec 2003 03:27:25 +0000

At 3:40 PM -0800 12/14/03, Dana Epp wrote:
Indeed, avoiding C* as a programming language seems the simplest defense.

I do not believe we can use the argument to "avoid" any particular language,
just because it is not as safe as some of the newer languages that obscure
the complexity of the underlying system (which are typically written in C
anyways).

I don't think "newer" or "older" are relevant to any tool decisions,
but entering into a discussion of "secure coding" and refusing to admit
that tool choice might be a factor is really putting on blinders.

As someone who writes a lot of kernelmode code, I HAVE to write in
C and ASM. You are not going to see ring0 level code being written in Java
or C# anytime soon. You have to use the right tool for the right job.

The fact that one language has problems is not ameliorated by the fact
that other languages have problems, particularly not languages proposed
as strawmen (Java and C# above).  Certainly PL/I has successfully been
used in highly secure Ring0/Kernelmode code, and I believe Ada has as well.

What is the C language's downfall is also its best strength. It is a double
edged sword that really SHOULD be mastered,

There is no reason it _should_ be mastered unless it has been chosen as
the best language for a particular project.  If there are programmers who
do not know how to program Ada, there is no reason there should not be
programmers who do not know how to program in C.  The same goes for Java
and Jovial (to cover the "J's" :-).
