Secure Coding mailing list archives

Re: ACM Queue article and security education


From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 01 Jul 2004 19:49:13 +0100


Peter Amey wrote:

> There are languages which are more suitable for the construction of
> high-integrity systems and have been for years.  We could have
> adopted Modula-2 back in the 1980s, people could take the blinkers of
> prejudice off and look properly at Ada.  Yet we continue to use
> C-derived languages with known weaknesses.


So we trade the known problems for a set of unknown ones?  It might be 
appropriate to do so; C may be "broken" enough that it's better to go 
for an unknown with a design that allows for a possible correct 
implementation.  I keep thinking of Java, for example.  It's a good 
paper design for security purposes (I'll leave functionality alone for 
now.)  But there are still all the issues with the VM implementation and 
libraries to deal with.


Language X may very well be a much better starting point; I don't know.
I do believe that it will never be properly looked at until the whole
world starts using it for everything, though.


                                                BB