Secure Coding mailing list archives
Secure programming is NOT just good programming
From: ljknews at mac.com (ljknews)
Date: Thu, 12 Oct 2006 16:42:09 -0400
At 3:19 PM -0400 10/12/06, Leichter, Jerry wrote:
The only way forward is by having the *computer* do this kind of thing for us. The requirements of the task are very much like those of low-level code optimization: We leave that to the compilers today, because hardly anyone can do it well at all, much less competitively with decent code generators, except in very special circumstances. Code inspection tools are a necessary transitional step - just as Purify-like tools are an essential transitional step to find memory leaks in code that does manual storage management. But until we can figure out how to create safer *languages* - doing for security what garbage collection does for memory management - we'll always be several steps behind.
It is not adequate to *create* safer languages - it is necessary to have developers *use* those languages. Given the emphasis on C and C++ within posts on this list, that seems a long way off.

-- Larry Kilgallen