[SC-L] Programming language comparison?
Craig E. Ward
cew at ACM.ORG
Mon Feb 4 21:49:51 EST 2008
My final paper for my masters degree was on how some vulnerabilities
manifest themselves, or fail to manifest, in different programming
languages. I included C, C++, Java, Perl, and Standard ML. The title
of the paper is "Implications of Programming Language Selection On
the Construction of Secure Software Systems." You can find a link to
it at my work web page:
http://www.isi.edu/~cward/papers/LMU/index.html.
One of the points I was trying to make in the paper is that the
security attributes of a programming language were also important to
take into consideration when selecting a language for a particular
task. I'm glad that you're incorporating this into your process.
Craig
At 1:16 PM +0100 2/4/08, Vincent Verhagen wrote:
>Hi all,
>
>I was referred to this list by a fellow security consultant for this
>specific question. Please forgive me if this is the wrong forum :)
>
>We're in the process of creating a kind of handbook for third parties
>that develop web applications for us.
>One (quite extensive, I'm happy to report) chapter will be about
>security and for that I'm looking for a comparison of common
>programming/scripting languages (PHP, C variants, JAVA, etc) their
>specific risks and why or why not to use them.
>Has anyone created such an overview I could use as a basis to work from?
>
>Thanks in advance!
>
>Vincent Verhagen
>Simac ICT Netherlands
--
Internet: cew at ACM.ORG
"If a program has not been specified, it cannot be incorrect; it can
only be surprising." (Young, Boebert, and Kain)
More information about the SC-L
mailing list