On 04/15/2013 08:17 PM, Miloslav Trmač wrote:
Sure, moving away from C/C++ does not make programs completely secure; however, on average, C/C++ programs are noticeably less secure (because most vulnerabilities that can happen in higher-level languages can also happen in C, but not the other way around).
To illustrate this point, here's a fairly concrete example: If you have got a program that is written in a memory-safe language which also provides some form of encapsulation, it is possible to demonstrate convincingly (*) that a software module which provides an encryption/decryption service never leaks the key material. If there is no memory safety, other code in the program could peek at the key bits, and encapsulation is no longer guaranteed. What should be a local property of the module now turns into a global property of the program, making review more difficult.
(*) As soon as cryptography is involved, mathematically rigorous results are the exception.
-- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
