Secure Coding mailing list archives
RE: opinion, ACM Queue: Buffer Overrun Madness
From: ljknews <ljknews () mac com>
Date: Fri, 11 Jun 2004 15:27:38 +0100
At 10:36 PM +0100 6/10/04, David Crocker wrote:
> I agree that converting legacy code to use one of the techniques I suggest isn't always going to be easy and inexpensive. My posting was aimed at those saying that something better than C/C++ should be used for new security-critical applications (which I agree is preferable), and I was pointing out that there are ways of using C++ so as to avoid its troublesome "array=pointer" feature.
And there are ways of using Assembly Language to avoid pitfalls that it provides. There are ways of using horse-drawn carriages to avoid the major reason (think street cleaning) why the automobile was embraced in urban areas during the early part of the 20th century. What there are _not_ are reasons for new development to cling to languages which make flawed constructs easy for the individual programmer to misuse. (Of course rewriting existing applications from one language to another should only be undertaken when there are strong reasons for rewriting in general, since the defects introduced, regardless of language, will be many.)