[SC-L] BSIMM: Confessions of a Software Security Alchemist (informIT)
ljknews
ljknews at mac.com
Wed Mar 25 12:18:48 EST 2009
At 11:42 AM -0400 3/25/09, Gary McGraw wrote:
> The code/data mix is certainly a problem. Also a problem
> is the way stacks grow on many particular machines, especially
> with common C/C++ compilers. You noted a Burroughs where
> things were done better. There are many others. C is
> usually just a sloppy mess by default.
>
> Language choice can sometimes make up for bad machine
> architecture, but ultimately at some level of computational
> abstraction they come to be the same thing. You may recall
> that I am a scheme guy. TI made a scheme machine that never
> caught on some years back (around the same time as the LISP
> machine...like emacs only even more bindings at least on the
> Symbolics <http://en.wikipedia.org/wiki/Lisp_machine>).
> Those machines had a fundamentally different architecture
> at the processor level.
Even with Ada (my favorite) it is _possible_ to violate type
safety. But it requires using a construct for which managers
can trivially scan the source code. And there are few cases
where it is _impossible_ to program in a type-safe manner.
C++ has an escape from type safety a bit harder to scan for -
dropping into C.
To determine the difference in the effective type safety of
two languages, consider the likelihood that the _average_
programmer is going to violate type safety. You cannot
manage to hire programmers exclusively from Lake Wobegon*.
Worry about enforcement by the hardware architecture after
you have squeezed out all errors that can be addressed by
software techniques.
--
Larry Kilgallen
* For non-US readers, Lake Wobegon is an imaginary
community where all the school children are above
average.
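The scanning argument above is easy to make concrete. The block below is an added example, not code from the SC-L thread or from either correspondent. It assumes that the Ada construct Kilgallen alludes to is the generic `Ada.Unchecked_Conversion` (he does not name it), that C++'s named casts (`reinterpret_cast`, `const_cast`) are the comparable scannable escape hatches, and that a C-style pointer cast is what "dropping into C" looks like in practice. The source snippets are constructed for the example, and `countCStyleCastsHeuristic` is a deliberately naive pattern matcher written to show why the C-style cast is the harder thing to scan for.

```cpp
// Added example (not from the SC-L post): a minimal "manager's scan" for
// type-safety escape hatches in source text, contrasting constructs that
// must be named (and so are trivially found) with C-style casts that have
// no keyword. Also shows one well-defined way to look at raw bits in C++.
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// Count non-overlapping occurrences of `needle` in `text`.
static std::size_t countOccurrences(const std::string& text, const std::string& needle) {
    std::size_t count = 0;
    for (std::size_t pos = text.find(needle); pos != std::string::npos;
         pos = text.find(needle, pos + needle.size())) {
        ++count;
    }
    return count;
}

// Ada: the escape hatch (assumed here) is Ada.Unchecked_Conversion. It has to
// be instantiated by name, so a plain text search finds every use.
std::size_t countAdaEscapes(const std::string& source) {
    return countOccurrences(source, "Unchecked_Conversion");
}

// C++: the named casts are just as scannable as the Ada generic.
std::size_t countCxxNamedEscapes(const std::string& source) {
    return countOccurrences(source, "reinterpret_cast") +
           countOccurrences(source, "const_cast");
}

// C-style cast "(T*)expr" has no keyword, so a scanner must guess at syntax.
// This heuristic recognises "(<single identifier> *)" only; it misses
// multi-word types such as "(unsigned char*)" and value casts like "(int)x",
// which is exactly why this escape is "a bit harder to scan for".
std::size_t countCStyleCastsHeuristic(const std::string& source) {
    std::size_t count = 0;
    for (std::size_t i = 0; i < source.size(); ++i) {
        if (source[i] != '(') continue;
        std::size_t j = i + 1;
        while (j < source.size() &&
               (std::isalnum(static_cast<unsigned char>(source[j])) || source[j] == '_')) {
            ++j;
        }
        if (j == i + 1) continue;  // no identifier directly after '('
        while (j < source.size() && source[j] == ' ') ++j;
        if (j + 1 < source.size() && source[j] == '*' && source[j + 1] == ')') ++count;
    }
    return count;
}

// The well-defined C++ way to view the bits of a float: copy the bytes into
// an integer rather than aliasing through a cast pointer. The escape is still
// a named library call (memcpy), which a scan can also flag for review.
std::uint32_t floatBits(float f) {
    std::uint32_t bits = 0;
    std::memcpy(&bits, &f, sizeof bits);
    return bits;
}

// Constructed sample sources (not real project code).
const std::string kAdaSample =
    "function To_Int is new Ada.Unchecked_Conversion (Source => Float, Target => Integer);\n";

const std::string kCxxSample =
    "int* p = reinterpret_cast<int*>(buf);\n"       // named cast: found
    "int* q = (int*)buf;\n"                         // C-style cast: heuristic finds it
    "unsigned char* r = (unsigned char*)buf;\n"     // C-style cast: heuristic misses it
    "int z = (int)x;\n";                            // value cast: heuristic misses it

int main() {
    std::printf("Ada Unchecked_Conversion uses: %zu\n", countAdaEscapes(kAdaSample));
    std::printf("C++ named casts: %zu\n", countCxxNamedEscapes(kCxxSample));
    std::printf("C-style pointer casts found by heuristic: %zu (of 2 present)\n",
                countCStyleCastsHeuristic(kCxxSample));
    std::printf("bits of 1.0f: 0x%08X\n", floatBits(1.0f));
    return 0;
}
```

The interesting output is the third line: two C-style pointer casts are present in the constructed C++ sample and the keyword-free heuristic finds only one, whereas every Ada `Unchecked_Conversion` and every `reinterpret_cast` is caught by a plain substring search.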