Re: [Full-Disclosure] automated vulnerability testing

From: Darren Reed (avalon_at_caligula.anu.edu.au)
Date: 11/30/03

  • Next message: Jeremiah Cornelius: "Re: [Full-Disclosure] Kevin Mitnick Domain Name for Sale"
    To: Sung.Choe@hickam.af.mil (Choe.Sung Cont. PACAF CSS/SCHP)
    Date: Mon, 1 Dec 2003 06:48:02 +1100 (Australia/ACT)
    
    

    In some mail from Choe.Sung Cont. PACAF CSS/SCHP, sie said:
    >
    > Bill Royds wrote:
    > > If you are truly interested in security, you won't use C as the
    > > programming language.
    > You must be shitting me.. C does have its inherent flaws but that doesn't
    > mean that there cannot be a secure application written in C. This statement
    > represents FUD at its highest level.

    In a sense, he is right. The effort you need to go to with C in order
    to code "securely" is obscene. Programming should evolve to a point
    where programmers don't need to worry about crap like that unless they're
    writing bootstrap code for an OS loader (or similar). Sooner or later,
    C needs to become obsolete.

    That aside, I can program more easily and securely in Java than I can
    with C, any time. The "more securely" comes from it being easier to
    understand by others as much as anything else.

    Darren

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

