Re: Interesting article on the adoption of Software Security

[Crispin Cowan <crispin () immunix com>]

ljknews wrote:


At 2:00 PM -0700 6/10/04, Dana Epp wrote:
 


Ok, lets turn the tables a bit here. We talked about this a bit back last December when I said that you need to use the 
right tool for the right job, and to quit beating on C.

For those of us who write kernel mode / ring0 code, what language are you suggesting we write in? Name a good typesafe 
language that you have PRACTICALLY seen to write kernel mode code in. Especially on Windows and the Linux platform. I 
am not trying to fuel the argument over which language is better, it comes down to the right tool for the right job. I 
know back in December ljknews suggested PL/I and Ada, but who has actually seen production code in either Windows or 
Linux using it?
   


Restricting your domain of inquiry to C-centric operating systems
is not exactly a reasonable set of ground rules.  This is, after all,
not a mailing list restricted to Windows and Linux. 

I strongly disagree. While it is not reasonable to limit this *list* to 
C-oriented operating systems, it is a perfectly reasonable question for 
a developer for Windows and Linux kernel enhancements to ask what 
programming language or programming techniques they should use to 
improve the security of their development efforts. Windows and Linux 
collectively representing some huge plurality of all deployed computer 
systems, it is a very practical question.



Even this _topic_
is not restricted to Windows and Linux. As an advocate of strongly typed languages, I do not use either 

That's nice, but it does not help the person who has to enhance legacy C 
code, which is a very real problem.


Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com