Tue, 14 Dec 2021 at 15:12 Andrew Rowley <and...@blackhillsoftware.com> wrote:

> On 14/12/2021 12:30 am, Filip Palian wrote:
> > My intention was to share information about the vulnerabilities affecting
> > Java language. (Without performing a proper comparison) I'd prefer not to
> > get into discussion about one language being less secure than another.
> "Java is insecure" is an implicit comparison with other languages. If
> there isn't another language that is more secure, the statement is as I
> said, unfair.
>

I didn't state in this thread at any point that "java is insecure".

> It does sound like it is effectively a sandbox bypass. Can you run other
> languages e.g. C in the same environment securely?

Unfortunately, I won't be able to answer this question.

> If one language has
> security but there are occasional vulnerabilities discovered, and
> another has no security at all, is it reasonable to call the first
> insecure?
>

In order to compare security of programming languages one would have to
consider technical and non-technical aspects. For example:
- Frequency at which security fixes are released (and how quickly they're
  available since vulnerability discovery/report);
- The entire SDLC process;
- Built-in security controls such as type-safety, safe memory management
  etc.;
- Number of already identified vulnerabilities in the implementation.
- and much more.

As always, the right tool for the right job should be used at the right
time.

Cheers,
s1m0n

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN