On Friday, 3 March 2017 at 16:43:05 UTC, Kagamin wrote:
> On Friday, 24 February 2017 at 19:19:57 UTC, Moritz Maxeiner wrote:
>> *Then* you have to provide conclusive (or at the very least
>> hard to refute) proof that the reason that no one could break
>> them were the memory safety features; and then, *finally*, you
>> can point to all the people *still not using memory safe
>> languages* and say "Told you so".
>
> Such proof is impossible because correct programs can be
> written in unsafe languages.

And you can write memory incorrect programs in what's currently
called memory safe languages[1], which is why we need more programs
in such languages to reach a reasonable sample size for
comparison and analysis against programs in classic languages
such as C/C++.

A formal, mathematical proof is impossible, yes, but if you have
a large enough sample size of programs in a memory safe(r)
language, *and* can verify that they are indeed memory correct
(and thus not open to all the usual attack vectors), then that
falls under what I'd categorize as "hard to refute". But you're
right, I should've been more specific, my bad.

[1] https://www.x41-dsec.de/reports/Kudelski-X41-Wire-Report-phase1-20170208.pdf