, 2003-03-26
Until Unix and Linux programmers get over their macho love for low-level programming languages, the security holes will continue to flow freely.
Expand all |
Post comment
Too Cool For Secure Code
2003-03-26
Anonymous (4 replies)
Anonymous (4 replies)
That's the wrong attitude.
2003-03-26
Anonymous (26 replies)
Anonymous (26 replies)
That's the wrong attitude.
2003-03-27
dbtid (1 replies)
dbtid (1 replies)
This is hogwash... I guess we should all use VB? That's High Level and we know how "bug" free that is.
2003-03-27
Anonymous
Anonymous
This is so funny - linux on linux battle
2003-04-02
Anonymous (1 replies)
Anonymous (1 replies)
1. There never has been "requirements" about security when writing code for an application. Maybe if you are building something for the defense department...
2. He says to not use C/C++, but he doesn't say what to use. And he refers to languages like Perl, Python, ... and says that you can still have security holes using these tools.
To his credit, he does suggest using other tools which will help contain bugs like this. But will this eliminate them? Probably not, but they will probably minimize them.
Therefore, number 2 doesn't apply since even higher level languages can have security issues.
Number 1 does apply. We need to code for security in everything.
And therefore, his whole argument about the "macho C/C++" coder is bogus, because he has no basis for his argument.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/150/18821#18821