Secure Coding mailing list archives

Mainframe Security

From: fw at deneb.enyo.de (Florian Weimer)
Date: Sat, 03 Nov 2007 15:22:07 +0100

At 11:45 PM +0100 11/2/07, Florian Weimer wrote:

My limited exposure to Cobol makes me think it is as unlikely to have
a buffer overflow as PL/I or Ada.


Usually, Ada programmers switch off bounds checking before shipping
code.  I don't know why Ada has such a reputation for robustness.


Can you provide a pointer to the study showing that ?


A lot of programmers used to follow the example of GNAT's run-time
library, which is compiled with -gnatp, turning off bounds checks (among
others). There's also a certain influence from the certification crowd
who detests dead code.

But it seems that there's been a move away from -gnatp during the last
couple of years.  I hadn't noticed this.  Thanks.

Current thread:

Mainframe Security, (continued)
- - - Mainframe Security Kenneth Van Wyk (Nov 01)
    - Mainframe Security ljknews (Nov 01)
    - Mainframe Security Paul Powenski (Nov 01)
    - Mainframe Security Johan Peeters (Nov 02)
    - Mainframe Security ljknews (Nov 02)
    - Message not available
    - Message not available
    - Mainframe Security ljknews (Nov 02)
    - Mainframe Security Glenn and Mary Everhart (Nov 02)
    - Mainframe Security Gergely Buday (Nov 02)
    - Mainframe Security Florian Weimer (Nov 02)
    - Mainframe Security ljknews (Nov 02)
    - Mainframe Security Florian Weimer (Nov 03)
    - Mainframe Security Andrew van der Stock (Nov 17)
    - Mainframe Security Edward N Schofield (Nov 01)
- Microsoft Pushes Secure, Quality Code Gary McGraw (Oct 09)
  - Microsoft Pushes Secure, Quality Code Gunnar Peterson (Oct 09)