Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Too Cool For Secure Code
Jon Lasser, 2003-03-26

Until Unix and Linux programmers get over their macho love for low-level programming languages, the security holes will continue to flow freely.

Comments Mode:
Too Cool For Secure Code 2003-03-26
Anonymous (3 replies)
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-28
DrNerdware
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous (4 replies)
Too Cool For Secure Code 2003-03-27
Anonymous (1 replies)
Don't Forget Ada! 2003-04-02
StealthBadger
Solving the problem 2003-03-27
Peter Ross
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous (1 replies)
Too Cool For Secure Code 2003-04-07
jhon blacken
That's the wrong attitude. 2003-03-26
Anonymous (26 replies)
That's the wrong attitude. 2003-03-27
Anonymous
Secure languages? 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-27
dbtid (1 replies)
That's the wrong attitude. - haha, time to upgrade 2003-03-30
Anonymous (1 replies)
That's the wrong attitude. - haha, time to upgrade 2003-04-01
Penguinisto
That's the wrong attitude. 2003-03-27
Anonymous
ok but... 2003-03-27
SeJo
Re: That's the wrong attitude. 2003-03-27
George Barbarosie
That's the wrong attitude. 2003-03-27
Listener
Tools matter 2003-03-27
Jon
You are an idiot (or a troll). 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-27
Anonymous
Re: That's the wrong attitude. 2003-03-27
CondorDes
That's the wrong attitude. 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-27
Ron
Re:That's the wrong attitude. 2003-03-27
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
DrNerdware
So why not take your reasoning a bit further, and write your code in assembly language? We use higher level languages for good reasons, and we choose to pay a small price for the advantages.

Lasser didn't say that higher level languages alone will make code more secure. Nor does his argument imply that we have to use costly tools to implement those languages. Your argument sounds like the classic attack on anything that uses GC. "You can't do that because...it's slow and it's a memory hog."
Well, that's a myth. We can and we do.

There are some poor examples, and there are some good examples, but really this is just a matter of what price you're willing to pay. Perhaps you don't wish to use language X because you've used an implementation of X that doesn't perform as well as you'd like. Ok, that's your experience and your choice. We don't all share your experience and we don't all make your choices.

Lasser's point about insecure code written in C/C++ still stands. We can eliminate buffer overflow bugs for a small price. If that price is too high for you, please understand that others are happy to pay it to get more secure code.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/150/18984#18984
That's the wrong attitude. 2003-03-28
Anonymous
Obsolete thinking. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
That's the wrong attitude. 2003-03-28
Anonymous
Type safety is good 2003-03-28
Anonymous
Real issue: don't make the same mistakes. 2003-03-29
Anonymous
I totally agree 2003-04-08
Anonymous
Nonsense 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous (1 replies)
Too Cool For Secure Code 2003-03-31
SK
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
Anonymous
Too Cool For Secure Code 2003-03-26
mk
Slow news day? 2003-03-27
TJ Miller jr
Too Cool For Secure Code 2003-03-27
Marion De Liau (1 replies)
Too Cool For Secure Code 2003-03-31
Anonymous
Strong Typing, etc. 2003-03-27
RC
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Right idea, wrong solution 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Fra. 219
This is hogwash... I guess we should all use VB? That's High Level and we know how "bug" free that is. 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
so pilots can't really fly? 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Work at a C shop guys? 2003-03-27
Anonymous
Oh Boy 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Shawn
This is exactly right. 2003-03-27
Anonymous
Johnathan Lasser Isn't a a Programmer 2003-03-27
Someone Who Actually Writes Code (1 replies)
Johnathan Lasser Isn't a a Programmer 2003-04-02
Anonymous
Too Cool For Secure Code 2003-03-27
Das Megabyte (1 replies)
Too Cool For Secure Code 2003-04-08
ibanix
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Tirs
Too Cool For Secure Code 2003-03-27
Dave
Too Cool For Secure Code 2003-03-27
Ivan Vecerina
Too Cool For Secure Code 2003-03-27
Anonymous
Crap 2003-03-27
terber
christ, what a whinger 2003-03-27
mark hahn (hahn@mcmaster.ca)
Too Cool For Secure Code 2003-03-27
Anonymous
Syte and Methodology not the Tool 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
I Dont Think So 2003-03-27
Randy LeJeune
Too Cool For Secure Code 2003-03-27
X-Nc
Too Cool For Secure Code 2003-03-27
Kirk Rafferty (kirk_at_rafferty.org)
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Things should change 2003-03-27
Matthew B
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
I agree entirely 2003-03-27
Iain Collins (iain_collins@mac.com)
Too Cool For Secure Code 2003-03-27
Anonymous
Thats the _right_ attitude 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Sticks-and-Stones programming tools 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Higher level languages also insecure 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Bad code is a result of a poor development process 2003-03-27
c0d3cr33p@hotmail.com
Too Cool For Secure Code 2003-03-27
Synonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
simply sloppy programming 2003-03-27
rishab
Its not macho love its SKILLS! 2003-03-27
Anonymous
Silly 2003-03-27
Anonymous
Boo. 2003-03-27
Anonymous
(sigh) 2003-03-27
grey
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
I agree 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
It's Too Cool To Criticize Programmers 2003-03-27
PipTigger
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Java as a solution 2003-03-27
Anonymous
Many scripting languages don't scale 2003-03-27
PyMan
Too Cool For Secure Code 2003-03-27
Anonymous
MS security much worse. 2003-03-27
Ron
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
No.. No.. No.. 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too cool for secure code 2003-03-27
Ben
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-27
Anonymous
Partially true 2003-03-27
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Couldn't agree more 2003-03-28
Anonymous
Software responsibilities 2003-03-28
Anonymous
Blame the coder, not the language 2003-03-28
Anonymous
Alternatives? 2003-03-28
Anonymous
Too Cool For Tested Code? 2003-03-28
Werm
Too Cool For Secure Code 2003-03-28
Lee Reynolds
Stupidest piece I have ever read. 2003-03-28
Anonymous
Too Cool? No, not really. 2003-03-28
clee
Stop wasting electrons and our time 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code - Wise Words 2003-03-28
DrNerdware
Too Cool For Secure Code 2003-03-28
Angelos Karageorgiou
Too Cool For Secure Code 2003-03-28
Philips
Too Cool For Secure Code 2003-03-28
Anonymous
Way Kewl For Secure Code 2003-03-28
fnaaijkens@ultihouse.com
Too Cool For Secure Code 2003-03-28
Anonymous
For what it's worth, RPC wasn't 2003-03-28
Anonymous
Too Cool For Secure Code? My two cents 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
vijeno <vijen0@yahoo.com>
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
User clients are rarely security risks 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-28
Anonymous
Re: Too Cool For Secure Code 2003-03-28
Anonymous
Too Cool For Secure Code 2003-03-29
Anonymous
That was a joke ? 2003-03-29
Anonymous
Too Cool For Secure Code 2003-03-29
blacklight
I Agree 2003-03-29
LesPaul
Too Cool For Secure Code 2003-03-29
Not Really Anonymous
Too Cool For Secure Code - USE VB! 2003-03-30
Anonymous (1 replies)
Too Cool For Secure Code - USE VB! 2003-04-01
Anonymous
goto india; 2003-03-30
mummer the bard
Portability, efficentcy, hot air 2003-03-31
jthomas@poweronemedia.com
Too Cool For Secure Code 2003-03-31
G. Bailey Childs
Why say it's just Linux/unix? 2003-04-01
Ally
Too Cool For Secure Code 2003-04-01
Anonymous (1 replies)
Too Cool For Secure Code - uh, yeah no shit 2003-04-01
Anonymous
Too Cool For Secure Code -- Only Unix and Linux? 2003-04-02
winklessd@netscape.com
This is so funny - linux on linux battle 2003-04-02
Anonymous (1 replies)
This is so funny - linux on linux battle 2003-04-03
Anonymous (1 replies)
This is so funny - linux on linux battle 2003-04-03
Anonymous
The article reflets the writers inexperience 2003-04-08
Anonymous







 

Privacy Statement
Copyright 2008, SecurityFocus