Hi. I address this issue on this list, because a lot of people here are very skillful C programmers.
When looking at some of the different "reasons for security problems" such as: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/ I can't help but wonder why so much software is being developed using C. To conclude my study I appreciate any help on the following questions:

1. If security is a major concern, or perhaps The Main Concern, why not use Ada? I specifically mention Ada since one of the most security-demanding industries is building aircraft and they use Ada.

2. Rather than auditing a lot of code, correcting a lot of coding mistakes, like the OpenBSD security team has done, and still does, why not shift from C to something just as fast and powerful as C, but more secure? Again, like Ada (to completely avoid the possibilities of those errors).

3. Are there any real benefits in using C++ over C regarding security? Is C++ really "better" from a security perspective?

4. Has anyone from the OpenBSD team written any guidelines in "secure programming"? (I haven't been able to locate anything except some interviews and stuff.)

Thanks.
Brad.