Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Too Cool For Secure Code
Jon Lasser, 2003-03-26

Until Unix and Linux programmers get over their macho love for low-level programming languages, the security holes will continue to flow freely.

Comments Mode:
Too Cool For Secure Code 2003-03-26
Anonymous (3 replies)
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-28
DrNerdware
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous (4 replies)
Too Cool For Secure Code 2003-03-27
Anonymous (1 replies)
Don't Forget Ada! 2003-04-02
StealthBadger
Solving the problem 2003-03-27
Peter Ross
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous (1 replies)
Too Cool For Secure Code 2003-04-07
jhon blacken
That's the wrong attitude. 2003-03-26
Anonymous (26 replies)
That's the wrong attitude. 2003-03-27
Anonymous
Secure languages? 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-27
dbtid (1 replies)
That's the wrong attitude. - haha, time to upgrade 2003-03-30
Anonymous (1 replies)
That's the wrong attitude. - haha, time to upgrade 2003-04-01
Penguinisto
That's the wrong attitude. 2003-03-27
Anonymous
ok but... 2003-03-27
SeJo
Re: That's the wrong attitude. 2003-03-27
George Barbarosie
That's the wrong attitude. 2003-03-27
Listener
While reading this thread, I had to wonder. Many of the vulnerablities listed require use of older code for the products listed as they get updated rather rapidly, and the base distro being something along the lines of pre kernel 2.0.
I think your trying to make a very valid point in your article, however with such blaring generalities and a swath of paranoia based on currently unused code you kinda miss putting out what your actualy trying to state.
When a reader has to throw out half an article to make it valuable perhaps not enough research was used in making it. Please consider re-writing the article because what you are trying to say needs to be said no matter how popular it is.

IMHO it all comes down to the hubris of a coder and not the language they use. Why use an optimizing code base like C or C++? Because when I run my email client I want to be able to run other tasks as well. Outlook, An appliction writtin in a combination of languages takes up between 1 and 30% of my resources depending on how active it gets, Nice application on my windows machine but it turns my very expensive high powered lots a memory system into an email kiosk if It desires to. This is a description to show that there are more things to consider than if it works or not but how well it works. Code control is something the Coder needs to take into hand and throwing out unsecured facts just gives us more problems and less solutions.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/150/18863#18863
Tools matter 2003-03-27
Jon
You are an idiot (or a troll). 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-27
Anonymous
Re: That's the wrong attitude. 2003-03-27
CondorDes
That's the wrong attitude. 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-27
Ron
Re:That's the wrong attitude. 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
DrNerdware
That's the wrong attitude. 2003-03-28
Anonymous
Obsolete thinking. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
Type safety is good 2003-03-28
Anonymous
Real issue: don't make the same mistakes. 2003-03-29
Anonymous
I totally agree 2003-04-08
Anonymous
Nonsense 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous (1 replies)
Too Cool For Secure Code 2003-03-31
SK
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
mk
Slow news day? 2003-03-27
TJ Miller jr
Too Cool For Secure Code 2003-03-27
Marion De Liau (1 replies)
Too Cool For Secure Code 2003-03-31
Anonymous
Strong Typing, etc. 2003-03-27
RC
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Right idea, wrong solution 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Fra. 219
This is hogwash... I guess we should all use VB? That's High Level and we know how "bug" free that is. 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
so pilots can't really fly? 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Work at a C shop guys? 2003-03-27
Anonymous
Oh Boy 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Shawn
This is exactly right. 2003-03-27
Anonymous
Johnathan Lasser Isn't a a Programmer 2003-03-27
Someone Who Actually Writes Code (1 replies)
Johnathan Lasser Isn't a a Programmer 2003-04-02
Anonymous
Too Cool For Secure Code 2003-03-27
Das Megabyte (1 replies)
Too Cool For Secure Code 2003-04-08
ibanix
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Tirs
Too Cool For Secure Code 2003-03-27
Dave
Too Cool For Secure Code 2003-03-27
Ivan Vecerina
Too Cool For Secure Code 2003-03-27
Anonymous
Crap 2003-03-27
terber
christ, what a whinger 2003-03-27
mark hahn (hahn@mcmaster.ca)
Too Cool For Secure Code 2003-03-27
Anonymous
Syte and Methodology not the Tool 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
I Dont Think So 2003-03-27
Randy LeJeune
Too Cool For Secure Code 2003-03-27
X-Nc
Too Cool For Secure Code 2003-03-27
Kirk Rafferty (kirk_at_rafferty.org)
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Things should change 2003-03-27
Matthew B
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
I agree entirely 2003-03-27
Iain Collins (iain_collins@mac.com)
Too Cool For Secure Code 2003-03-27
Anonymous
Thats the _right_ attitude 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Sticks-and-Stones programming tools 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Higher level languages also insecure 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Bad code is a result of a poor development process 2003-03-27
c0d3cr33p@hotmail.com
Too Cool For Secure Code 2003-03-27
Synonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
simply sloppy programming 2003-03-27
rishab
Its not macho love its SKILLS! 2003-03-27
Anonymous
Silly 2003-03-27
Anonymous
Boo. 2003-03-27
Anonymous
(sigh) 2003-03-27
grey
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
I agree 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
It's Too Cool To Criticize Programmers 2003-03-27
PipTigger
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Java as a solution 2003-03-27
Anonymous
Many scripting languages don't scale 2003-03-27
PyMan
Too Cool For Secure Code 2003-03-27
Anonymous
MS security much worse. 2003-03-27
Ron
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
No.. No.. No.. 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too cool for secure code 2003-03-27
Ben
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Partially true 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Couldn't agree more 2003-03-28
Anonymous
Software responsibilities 2003-03-28
Anonymous
Blame the coder, not the language 2003-03-28
Anonymous
Alternatives? 2003-03-28
Anonymous
Too Cool For Tested Code? 2003-03-28
Werm
Too Cool For Secure Code 2003-03-28
Lee Reynolds
Stupidest piece I have ever read. 2003-03-28
Anonymous
Too Cool? No, not really. 2003-03-28
clee
Stop wasting electrons and our time 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code - Wise Words 2003-03-28
DrNerdware
Too Cool For Secure Code 2003-03-28
Angelos Karageorgiou
Too Cool For Secure Code 2003-03-28
Philips
Too Cool For Secure Code 2003-03-28
Anonymous
Way Kewl For Secure Code 2003-03-28
fnaaijkens@ultihouse.com
Too Cool For Secure Code 2003-03-28
Anonymous
For what it's worth, RPC wasn't 2003-03-28
Anonymous
Too Cool For Secure Code? My two cents 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
vijeno <vijen0@yahoo.com>
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
User clients are rarely security risks 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Re: Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-29
Anonymous
That was a joke ? 2003-03-29
Anonymous
Too Cool For Secure Code 2003-03-29
blacklight
I Agree 2003-03-29
LesPaul
Too Cool For Secure Code 2003-03-29
Not Really Anonymous
Too Cool For Secure Code - USE VB! 2003-03-30
Anonymous (1 replies)
Too Cool For Secure Code - USE VB! 2003-04-01
Anonymous
goto india; 2003-03-30
mummer the bard
Portability, efficentcy, hot air 2003-03-31
jthomas@poweronemedia.com
Too Cool For Secure Code 2003-03-31
G. Bailey Childs
Why say it's just Linux/unix? 2003-04-01
Ally
Too Cool For Secure Code 2003-04-01
Anonymous (1 replies)
Too Cool For Secure Code - uh, yeah no shit 2003-04-01
Anonymous
Too Cool For Secure Code -- Only Unix and Linux? 2003-04-02
winklessd@netscape.com
This is so funny - linux on linux battle 2003-04-02
Anonymous (1 replies)
This is so funny - linux on linux battle 2003-04-03
Anonymous (1 replies)
This is so funny - linux on linux battle 2003-04-03
Anonymous
The article reflets the writers inexperience 2003-04-08
Anonymous







 

Privacy Statement
Copyright 2008, SecurityFocus