Secure Coding mailing list archives

The Importance of Type Safety

From: andrews at rbacomm.com (Brad Andrews)
Date: Mon, 23 Mar 2009 12:37:11 -0500



Sure, but I would challenge that it is a rather meaningless statement.  
  I can keep my children safer if I keep them inside and eliminate all  
the sharp corners, but then they will never get to use the swimming  
pool in our back yard.  Type safety can be good and appropriate, but  
it is not the only factor.

Perhaps we will get to a world where all the "management overhead"  
doesn't matter, but until then, the extra cost for type safety should  
be weighed against other factors, not just discounted out of hand.

Getting back to the topic at hand, perhaps building a Sauder cabinet  
is less likely to end up having you harm yourself with tools, but the  
end product is not always as strong.  The "price" of having more  
structure is the loss of some high end features.  That said, I own  
some such shelving and they work fairly well, but I don't discount  
building shelves (letting someone else do the work) because of a  
higher "risk" doing so.

Just a thought.

Brad

Quoting Gary McGraw <gem at cigital.com>:

Building secure software in a non type safe language is much harder   
than building secure software in a type safe language (like Java or   
C#).

Current thread:

Supply Chain Resiliency Project Assistance, (continued)
- - - Supply Chain Resiliency Project Assistance Wisseman, Stan [USA] (Mar 22)
    - Supply Chain Resiliency Project Assistance Sammy Migues (Mar 22)
    - Supply Chain Resiliency Project Assistance Dave Wichers (Mar 23)
    - Supply Chain Resiliency Project Assistance Mason Brown (Mar 23)
    - Supply Chain Resiliency Project Assistance Rohit Lists (Mar 23)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Florian Weimer (Mar 21)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Gary McGraw (Mar 20)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) ljknews (Mar 21)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Steven M. Christey (Mar 22)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Gary McGraw (Mar 23)
    - The Importance of Type Safety Brad Andrews (Mar 23)
    - The Importance of Type Safety Carl Alphonce (Mar 23)
    - The Importance of Type Safety AF (Mar 23)
    - The Importance of Type Safety Brad Andrews (Mar 23)
    - The Importance of Type Safety Jeremy Epstein (Mar 23)
    - The Importance of Type Safety AF (Mar 26)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Andy Steingruebl (Mar 24)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Gary McGraw (Mar 25)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Andy Steingruebl (Mar 25)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) ljknews (Mar 25)
    - Message not available
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Andy Steingruebl (Mar 25)

(Thread continues...)