Secure Coding mailing list archives
RE: Programming languages -- the "third rail" of secure coding
From: Nick Lothian <nl () essential com au>
Date: Mon, 02 Aug 2004 16:10:01 +0100
Java/C#: Reasonably safe (both provide protection againstbuffer overflows,are type safe and provide built-in security mechanisms) FORTRAN/COBOL: Don't know - my impression is that COBOL isfairly safeScripting Languages: Depends on the language. Lack of typesafety can be aproblem, but on the other hand they are usually safe frombuffer overflowsand the fact they you can do a lot more in fewer lines ofcode can make thecode safer by making errors more obvious. Are there other languages in widespread use (ie, thelanguage must be usedmore than - say - Python) that are safer than those listed above?Certainly Ada is a lot safer than those above, and the SPARK subset we have discussed here is even safer (not just by being a subset but also by supporting proofs of correctness). SPARK is much less widely deployed that whatever was used to implement Internet Explorer, but I have strong preference as to which of the two I would want used in the programming of fly-by-wire for an airplane on which I fly. -- Larry Kilgallen
What features make Ada safer than Java/C#? (I only have limited experience with Ada but from memory there was nothing that jumps out at me as something that Java lacks) Nick
Current thread:
- Re: Programming languages -- the "third rail" of secure coding, (continued)
- Re: Programming languages -- the "third rail" of secure coding Erik van Konijnenburg (Jul 21)
- Re: Programming languages -- the "third rail" of secure coding der Mouse (Jul 20)
- Re: Programming languages -- the "third rail" of secure coding Crispin Cowan (Jul 21)
- Re: Programming languages -- the "third rail" of secure coding Craig E. Ward (Jul 22)
- Re: Programming languages -- the "third rail" of secure coding James Walden (Jul 21)
- RE: Programming languages -- the "third rail" of secure coding Peter Amey (Jul 21)
- RE: Programming languages -- the "third rail" of secure coding Wall, Kevin (Jul 21)
- RE: Programming languages -- the "third rail" of secure coding Nick Lothian (Jul 21)
- RE: Programming languages -- the "third rail" of secure coding Michael S Hines (Jul 22)
- Re: Programming languages -- the "third rail" of secure coding Mark Rockman (Jul 23)
- RE: Programming languages -- the "third rail" of secure coding Nick Lothian (Aug 02)
- RE: Programming languages -- the "third rail" of secure coding ljknews (Aug 02)