RE: [Full-Disclosure] automated vulnerability testing

From: Bill Royds (full-disclosure_at_royds.net)
Date: 11/29/03

  • Next message: Michael Gale: "Re: [Full-Disclosure] automated vulnerability testing"
    To: "'Peter Moody'" <peter@ucsc.edu>, <full-disclosure@lists.netsys.com>
    Date: Sat, 29 Nov 2003 15:11:02 -0500
    
    

    Only a good programmer can write safe C.
    Most programmers are not good programmers.
    Therefore most C code is not safe and should not be trusted.

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Peter Moody
    Sent: November 29, 2003 12:52 PM
    To: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] automated vulnerability testing

    > your programmer must be perfect to guarantee security. C is best used for
    > low level programming where one needs to be close to the hardware
    > (programming in the small). It is not good for large applications where
    > modularity and flexibility are more important (programming in the large).

    and for large applications where the programmer needs to be close to the
    hardware (programming in the?). like the 3.5 million lines of C code
    that comprise the linux kernel...

    I'm sick of lazy programmers who keep complaining how C doesn't hold
    your hand like VB or some crap. The language does not the coder make. A
    good programmer will be able to make lisp, C, smalltalk (etc. etc.) do
    what they need it to.

    -- 
    Peter Moody                             <peter@ucsc.edu>
    Information Security Administrator      831/459.5409
    Communications and Technology Services. UC, Santa Cruz.
    http://security.ucsc.edu/pgp/peter.moody.pub
    :wq
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
