Secure Coding mailing list archives
Programming languages -- the "third rail" of secure coding
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Mon, 19 Jul 2004 21:52:34 +0100
Greetings, It appears as though we may well have discovered software security's third rail over the last couple of weeks in the discussions regarding programming language choices. I don't mean to fan those flames by any means, trust me. However, I noticed several announcements for PHP version 5 (see http://www.zend.com/ for the official announcement and press release) over the weekend. PHP has long been the whipping boy of secure programming, and version 5 appears to add a great deal of new functionality to this popular language. Secure or not, there's a lot of PHP users and coders out there, and this added complexity certainly enhances its "trinity of trouble" profile (with respect to Gary McGraw's "Exploiting Software"). Along those lines, there's a good article at http://otn.oracle.com/pub/articles/hull_asp.html that compares PHP5 against ASP.NET, including the security features of each. Happy reading... Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com
Current thread:
- Programming languages -- the "third rail" of secure coding Kenneth R. van Wyk (Jul 19)
- RE: Programming languages -- the "third rail" of secure coding Michael S Hines (Jul 20)
- Re: Programming languages -- the "third rail" of secure coding Dave Aronson (Jul 20)
- Re: Programming languages -- the "third rail" of secure coding Mark Rockman (Jul 21)
- RE: Programming languages -- the "third rail" of secure coding ljknews (Jul 20)
- Re: Programming languages -- the "third rail" of secure coding Erik van Konijnenburg (Jul 21)
- Re: Programming languages -- the "third rail" of secure coding der Mouse (Jul 20)
- Re: Programming languages -- the "third rail" of secure coding Crispin Cowan (Jul 21)
- Re: Programming languages -- the "third rail" of secure coding Craig E. Ward (Jul 22)
- Re: Programming languages -- the "third rail" of secure coding James Walden (Jul 21)
- Re: Programming languages -- the "third rail" of secure coding Dave Aronson (Jul 20)
- <Possible follow-ups>
- RE: Programming languages -- the "third rail" of secure coding Peter Amey (Jul 21)
(Thread continues...)
- RE: Programming languages -- the "third rail" of secure coding Michael S Hines (Jul 20)