Secure Coding mailing list archives

RE: Programming languages -- the "third rail" of secure coding


From: ljknews <ljknews () mac com>
Date: Sun, 01 Aug 2004 20:37:37 +0100

At 1:03 PM +0930 8/1/04, Nick Lothian wrote:
> IMHO, though, any such effort is pointless.  The reality is that we're
> going to be stuck with C/C++, Java, C#, FORTRAN, COBOL, and various
> interpreted/scripting languages for a very long time.
>
> What are peoples opinions of the languages listed above?
>
> Would I be overly controversial in saying:
>
> C/C++: Unsafe (for most people)

It is possible to code correctly in (almost) any language,
but the likelihood of success varies.  To me the big issue
of C* languages has to do with what assurances _management_
has that the effort will result in correct code.

The C++ compilers I know of allow a programmer to drop into
raw C, and given the low level of understanding safety and
security issues across the programming population there will
be a strong temptation to do that.

> Java/C#: Reasonably safe (both provide protection against buffer overflows,
> are type safe and provide built-in security mechanisms)
> FORTRAN/COBOL: Don't know - my impression is that COBOL is fairly safe
> Scripting Languages: Depends on the language. Lack of type safety can be a
> problem, but on the other hand they are usually safe from buffer overflows
> and the fact that you can do a lot more in fewer lines of code can make the
> code safer by making errors more obvious.
>
> Are there other languages in widespread use (ie, the language must be used
> more than - say - Python) that are safer than those listed above?

Certainly Ada is a lot safer than those above, and the SPARK subset
we have discussed here is even safer (not just by being a subset but
also by supporting proofs of correctness).  SPARK is much less widely
deployed than whatever was used to implement Internet Explorer, but I
have a strong preference as to which of the two I would want used in the
programming of fly-by-wire for an airplane on which I fly.
-- 
Larry Kilgallen
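The "drop into raw C" point above, as an added illustration that is not part of Larry's post or the thread: the same fixed-buffer copy written three ways in C++. `raw_copy` is the C idiom every C++ compiler accepts and performs no bounds check at all; `checked_copy` adds the check the language does not supply; `index_rejected` uses `std::array::at`, whose `std::out_of_range` exception is the closest C++ comes to the bounds check Java and C# arrays perform on every access. The buffer size and the function names are choices made for this example.

```cpp
#include <array>
#include <cstddef>
#include <cstring>
#include <stdexcept>
#include <string>

// Fixed-size record buffer shared by all three routines (size chosen for the example).
constexpr std::size_t kBufSize = 16;
using Buf = std::array<char, kBufSize>;

// C-style copy: compiles in every C++ compiler and performs no bounds check.
// If len > kBufSize this writes past the end of `dst` (undefined behaviour),
// which is exactly the class of bug a Java/C# runtime refuses to execute.
// It is only ever called below with lengths that fit.
void raw_copy(Buf& dst, const char* src, std::size_t len) {
    std::memcpy(dst.data(), src, len);
}

// Same operation with the check the language does not give you for free.
// Returns false and leaves dst untouched when the input does not fit.
bool checked_copy(Buf& dst, const std::string& src) {
    if (src.size() > dst.size()) {
        return false;
    }
    std::memcpy(dst.data(), src.data(), src.size());
    return true;
}

// Bounds-checked element access: std::array::at throws std::out_of_range
// on a bad index, the C++ counterpart of a Java ArrayIndexOutOfBoundsException.
// Returns true if the index was rejected, false if it was accepted.
bool index_rejected(const Buf& buf, std::size_t idx) {
    try {
        (void)buf.at(idx);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Test helper: does the buffer begin with the bytes of s?
bool starts_with(const Buf& buf, const std::string& s) {
    return s.size() <= buf.size() &&
           std::memcmp(buf.data(), s.data(), s.size()) == 0;
}
```

Note that `operator[]` on `std::array` and `std::vector` is unchecked just like a C array, so the protection only exists where the programmer chose `at()`; that opt-in nature is the management-assurance problem the post describes.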