Sure they could possibly find other ways to write insecure code, but the issue is not whether its possible; of course its possible.
The issue is the relative difficulty of writing insecure code. In C, to write secure code, one might have to re-implement a huge array of data types and so forth. (as was mentioned in the previous post; "You then need to invent your own data types as you just did with your subroutine, which still risks a buffer overflow because strlen itself still looks for the null byte at end of string and so can overflow its internal counters.") Is it beyond all possibility that there exist languages in which the very reverse is true? ie Languages in which one would have to reimplement data types and so forth in order to be able to write insecure code? Can there exist such a language?? I reckon so. [huge snip losing all attributions and context] > So which makes more sense to you? To convert the world's > programmers to a new language? Or to teach them to code securely? Surely, if > we were to replace C today, they would just find other ways to write > insecure code? [snipped out all the rest] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
