Secure Coding mailing list archives

RE: Programming languages -- the "third rail" of secure coding


From: Nick Lothian <nl () essential com au>
Date: Mon, 02 Aug 2004 16:10:01 +0100

Java/C#: Reasonably safe (both provide protection against buffer overflows,
are type safe and provide built-in security mechanisms)
FORTRAN/COBOL: Don't know - my impression is that COBOL is fairly safe
Scripting Languages: Depends on the language. Lack of type safety can be a
problem, but on the other hand they are usually safe from buffer overflows
and the fact that you can do a lot more in fewer lines of code can make the
code safer by making errors more obvious.

Are there other languages in widespread use (i.e., the language must be used
more than - say - Python) that are safer than those listed above?

Certainly Ada is a lot safer than those above, and the SPARK subset
we have discussed here is even safer (not just by being a subset but
also by supporting proofs of correctness).  SPARK is much less widely
deployed than whatever was used to implement Internet Explorer, but I
have a strong preference as to which of the two I would want used in the
programming of fly-by-wire for an airplane on which I fly.
-- 
Larry Kilgallen


What features make Ada safer than Java/C#? (I only have limited experience
with Ada but from memory there was nothing that jumps out at me as something
that Java lacks)

Nick



