On 12:06:34 Dec 22, Brian Hansen wrote:
> Hi.
> 
> I address this issue on this list, because a lot of people here are very
> skillful C programmers.

Yes. OpenBSD not only is secure, the code is also exceedingly
beautiful.

You can discern a certain artistic beauty in the way code is written,
even commented.

If you don't believe me, take a look at the IPsec implementation in the
other BSDs from KAME and the one in OpenBSD. ;)

If you are really bold, also see the same under Linux: www.freeswan.org,
which was abandoned.

The code is so direct, clear and straightforward.

Security can be obtained only through simplicity, less code and a good
review process.

OpenBSD's C coding process ensures all three. And more.

It is not possible for ssh to be so secure but for these practices.

If you look at secure code from other projects, you will find that the
code is so poorly indented, carelessly written, and all sorts of tricks
are resorted to.

This makes review ineffective and audit close to impossible.

It is not just the programming language. It is also how it is used and
who uses it that matters.

In Tamil, my mother tongue, there is a beautiful simile.

"Flower garland in the hand of a monkey."

You need really smart people to do a good job. Even the best of tools
will be misused by incompetent people the same way a flower garland is
spoilt by a monkey.

> 
> When looking at some of the different "reasons for security problems" such
> as:
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/
> 
> I can't help wondering why so much software is being developed using C.
> 
> To conclude my study I appreciate any help on the following questions:
> 
> 1. If security is a major concern, or perhaps The Main Concern, why not use
> Ada? I specifically mention Ada since one of the most security-demanding
> industries is building aircraft, and they use Ada.
> 

I dunno about Ada.

> 2. Rather than auditing a lot of code, correcting a lot of coding mistakes,
> like the OpenBSD security team has done, and still does, why not shift from C
> to something just as fast and powerful as C, but more secure? Again, like
> Ada (to completely avoid the possibility of those errors).

There is simply no alternative to C. Period.

 
> 3. Are there any real benefits in using C++ over C regarding security? Is
> C++ really "better" from a security perspective?

C++ is a disease. A horrible programming language.

 
> 4. Has anyone from the OpenBSD team written any guidelines in "secure
> programming"? (I haven't been able to locate anything except some interviews
> and stuff).

Check out the papers on http://www.openbsd.org/papers/

You can take a look at one of them on OpenBSD culture.

-Girish