Secure Coding mailing list archives

The right tool for the right job, quit beating on the C language


From: "Dana Epp" <dana () vulscan com>
Date: Mon, 15 Dec 2003 03:36:37 +0000

Indeed, avoiding C* as a programming language seems the simplest defense.

I have been trying to stay away from this argument, as this list doesn't
need a best language/best OS/best editor flamewar on its hands, but I feel
compelled to comment on this.

I do not believe we can use the argument to "avoid" any particular language,
just because it is not as safe as some of the newer languages that obscure
the complexity of the underlying system (which are typically written in C
anyways). As someone who writes a lot of kernel-mode code, I HAVE to write in
C and ASM. You are not going to see ring0 level code being written in Java
or C# anytime soon. You have to use the right tool for the right job.

What is the C language's downfall is also its best strength. It is a
double-edged sword that really SHOULD be mastered, but by many is treated like a
child's $5 plastic toy... wielded by the inexperienced who don't know any
better. The reality is instead of avoiding it, we should include the proper
teachings to use it safely, and correctly. Now this is a DIFFERENT
discussion than the "secure programming" education track, as this is more
language specific. Yet I think that if we try to sidestep the issue, we will
end up using the wrong tool at the wrong time. We shouldn't fear using
languages like C and C++, we just need to know its place, know its
fallibilities and deal with it.

---
Regards,
Dana M. Epp
[Blog: http://silverstr.ufies.org/blog/]








