Secure Coding mailing list archives

RE: opinion, ACM Queue: Buffer Overrun Madness


From: ljknews <ljknews () mac com>
Date: Fri, 11 Jun 2004 15:27:38 +0100

At 10:36 PM +0100 6/10/04, David Crocker wrote:
I agree that converting legacy code to use one of the techniques I suggest isn't
always going to be easy and inexpensive. My posting was aimed at those saying
that something better than C/C++ should be used for new security-critical
applications (which I agree is preferable), and I was pointing out that there
are ways of using C++ so as to avoid its troublesome "array=pointer" feature.

And there are ways of using Assembly Language to avoid pitfalls that it
provides.  There are ways of using horse-drawn carriages to avoid the
major reason (think street cleaning) why the automobile was embraced in
urban areas during the early part of the 20th century.

What there are _not_ are reasons for new development to cling to languages
which make flawed constructs easy for the individual programmer to misuse.

(Of course rewriting existing applications from one language to another
should only be undertaken when there are strong reasons for rewriting
in general, since the defects introduced, regardless of language, will
be many.)





