Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Programming languages -- the "third rail" of secure coding

From: "Craig E. Ward" <cew () acm org>
Date: Thu, 22 Jul 2004 15:35:47 +0100

At 1:22 AM -0700 7/21/04, Crispin Cowan wrote:
I don't understand the purpose of this list. If it is to list all 
programming languages, that is hopeless, as there are thousands of 
programming languages. If it is to list all programming languages 
with security ambitions, then I'm confused, as clearly not all of 
the languages listed were intended to enhance security, and some of 
them (glaringly PHP) substantially *degrade* security vs. many 
languages that came before them.


The list would make more sense if the languages were classified by 
type, e.g. imperative, functional, logic, declarative, etc. (Or some 
other set of classifications/labels around which a consensus can be 
found.) Then a question arises, is there any particular class of 
language that lends itself better to secure programming than the 
others?


Craig
--
Internet: [EMAIL PROTECTED]
Previous By Date Next
Previous By Thread Next

Current thread: