[Full-Disclosure] automated vulnerability testing
avalon at caligula.anu.edu.au
Sun Nov 30 19:48:02 GMT 2003
In some mail from Choe.Sung Cont. PACAF CSS/SCHP, sie said:
> Bill Royds wrote:
> > If you are truly interested in security, you won't use C as the
> > language.
> You must be shitting me.. C does have its inherent flaws but that doesn't
> mean that there cannot be a secure application written in C. This statement
> represents FUD at its highest level.
In a sense, he is right. The effort you need to go to with C in order
to code "securely" is obscene. Programming should evolve to a point
where programmers don't need to worry about crap like that unless they're
writing bootstrap code for an OS loader (or similar). Sooner or later,
C needs to become obsolete.
That aside, I can program more easily and securely in Java than I can
with C, any time. The "more securely" comes from it being easier to
understand by others as much as anything else.
Full-Disclosure is hosted and sponsored by Secunia.