[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] automated vulnerability testing

To: Sung.Choe@hickam.af.mil (Choe.Sung Cont. PACAF CSS/SCHP)
Subject: Re: [Full-Disclosure] automated vulnerability testing
From: Darren Reed <avalon@caligula.anu.edu.au>
Date: Mon, 1 Dec 2003 06:48:02 +1100 (Australia/ACT)

In some mail from Choe.Sung Cont. PACAF CSS/SCHP, sie said:
> 
> Bill Royds wrote:
> > If you are truly interested in security, you won't use C as the
> programming
> > language. 
> You must be shitting me..  C does have its inherent flaws but that doesn't
> mean that there cannot be a secure application written in C.  This statement
> represents FUD at its highest level.

In a sense, he is right.  The effort you need to go to with C in order
to code "securely" is obscene.  Programming should evolve to a point
where programmers don't need to worry about crap like that unless they're
writing bootstrap code for an OS loader (or similar).  Sooner or later,
C needs to become obsolete.

That aside, I can program more easily and securely in Java than I can
with C, any time.  The "more securely" comes from it being easier to
understand by others as much as anything else.

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Kevin Mitnick Domain Name for Sale
Next by Date: Re: [Full-Disclosure] #hackphreak lecture series
Previous by thread: Re: [Full-Disclosure] Kevin Mitnick Domain Name for Sale
Next by thread: Re: [Full-Disclosure] automated vulnerability testing
Index(es):
- Date
- Thread