Re: Public disclosure of discovered vulnerabilities
From: Nick Maclaren (nmm1_at_cus.cam.ac.uk)
Date: 18 May 2005 20:13:58 GMT
In article <email@example.com>,
Colin Andrew Percival <firstname.lastname@example.org> wrote:
>In comp.arch D. J. Bernstein <email@example.com> wrote:
>> Obviously not. A typical developer doesn't even _consider_ writing
>> programs in Lisp, for example, even though that would vastly improve his
>> chances of writing secure code.
>I'm not sure I agree here. Code written in Lisp is less likely to
>contain buffer overflows, certainly, but it is probably far more likely
>to be vulnerable to timing attacks.
Plus people can write ghastly code in any language, and are likely
to be lulled into a false sense of security.