Monique Y. Mudama wrote: > On 2006-04-25, Roberto C. Sanchez penned: > >>I think you are twisting Ron's point. His original point was that >>some languages (like C/C++) make it possible to have hard to detect >>subtle faults that become security problems. Other languages (like >>COBOL) do away with those subtle issues. Essentially, you have to >>try and be determined to write something insecure. I think his >>discussion focused on strings, but it probably extends to other >>things as well. > > > I'm not trying to twist anything. I do agree that language features > can help prevent all sorts of bugs and security issues. > > I guess I'm just responding to an argument (maybe it only exists in my > head) that "Oh, if we code in <x language>, we will never have to > worry about security again!" The language may reduce certain types of > security issues, but you still need to pay attention. > Agreed. There seems to be far too much of that going around. "Let's code in Java, since it's garbage collected and we won't have to manage memory." Both on the security front and the performance front. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto
Attachment:
signature.asc
Description: OpenPGP digital signature