[Full-Disclosure] automated vulnerability testing

Chris Adams chris at improbable.org
Sat Nov 29 20:30:09 GMT 2003


On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote:
> Bill Royds wrote:
>> If you are truly interested in security, you won't use C as the
>> programming language.
> You must be shitting me.. C does have its inherent flaws but that
> doesn't mean that there cannot be a secure application written in C.
> This statement represents FUD at its highest level.

Name a single non-trivial application written in C which has not had at 
least one of the classic C security problems.

That's why we need different languages: even if you're one of the 
extraordinarily small number of programmers who can write C without 
bugs, there's abundant evidence that the average C programmer cannot be 
trusted to do so.

The other problem is productivity - C programmers have to write 
significantly more code to produce equivalent functionality which both 
increases the opportunity for errors and decreases the time available 
to find and fix those errors, identify design oversights, etc.

Chris
Full-Disclosure is hosted and sponsored by Secunia.