Secure Coding mailing list archives
Mainframe Security
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sat, 03 Nov 2007 15:22:07 +0100
At 11:45 PM +0100 11/2/07, Florian Weimer wrote:My limited exposure to Cobol makes me think it is as unlikely to have a buffer overflow as PL/I or Ada.Usually, Ada programmers switch off bounds checking before shipping code. I don't know why Ada has such a reputation for robustness.Can you provide a pointer to the study showing that ?
A lot of programmers used to follow the example of GNAT's run-time library, which is compiled with -gnatp, turning off bounds checks (among others). There's also a certain influence from the certification crowd who detests dead code. But it seems that there's been a move away from -gnatp during the last couple of years. I hadn't noticed this. Thanks.
Current thread:
- Mainframe Security, (continued)
- Mainframe Security Kenneth Van Wyk (Nov 01)
- Mainframe Security ljknews (Nov 01)
- Mainframe Security Paul Powenski (Nov 01)
- Mainframe Security Johan Peeters (Nov 02)
- Mainframe Security ljknews (Nov 02)
- Message not available
- Message not available
- Mainframe Security ljknews (Nov 02)
- Mainframe Security Glenn and Mary Everhart (Nov 02)
- Mainframe Security Gergely Buday (Nov 02)
- Mainframe Security Florian Weimer (Nov 02)
- Mainframe Security ljknews (Nov 02)
- Mainframe Security Florian Weimer (Nov 03)
- Mainframe Security Andrew van der Stock (Nov 17)
- Mainframe Security Edward N Schofield (Nov 01)
- Microsoft Pushes Secure, Quality Code Gunnar Peterson (Oct 09)