Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Programming language comparison?

From: cew at ACM.ORG (Craig E. Ward)
Date: Mon, 4 Feb 2008 18:49:51 -0800
My final paper for my masters degree was on how some vulnerabilities 
manifest themselves, or fail to manifest, in different programming 
languages. I included C, C++, Java, Perl, and Standard ML. The title 
of the paper is "Implications of Programming Language Selection On 
the Construction of Secure Software Systems." You can find a link to 
it at my work web page: 
http://www.isi.edu/~cward/papers/LMU/index.html.

One of the points I was trying to make in the paper is that the 
security attributes of a programming language were also important to 
take into consideration when selecting a language for a particular 
task. I'm glad that you're incorporating this into your process.

Craig

At 1:16 PM +0100 2/4/08, Vincent Verhagen wrote:

Hi all,

I was referred to this list by a fellow security consultant for this
specific question. Please forgive me if this is the wrong forum :)

We're in the process of creating a kind of handbook for third parties
that develop web applications for us.
One (quite extensive, I'm happy to report) chapter will be about
security and for that I'm looking for a comparison of common
programming/scripting languages (PHP, C variants, JAVA, etc) their
specific risks and why or why not to use them.
Has anyone created such an overview I could use as a basis to work from?

Thanks in advance!

Vincent Verhagen
Simac ICT Netherlands


-- 
Internet: cew at ACM.ORG
"If a program has not been specified, it cannot be incorrect; it can 
only be surprising." (Young, Boebert, and Kain)
Previous By Date Next
Previous By Thread Next

Current thread: