On Sat, Dec 22, 2007 at 12:06:34PM +0100, Brian Hansen wrote:
>
> I address this issue on this list, because a lot of people here are very
> skillful C programmers.
>
> When looking at some of the different "reasons for security problems" such
> as:
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/
>
> I can't help wonder, why so much software is being developed using C.
>
> To conclude my study I appreciate any help on the following questions:
>
> 1. If security is a major concern, or perhaps The Main Concern, why not use
> Ada? I specifically mention Ada since one of the most security demanding
> industries are building aircraft and they use Ada.

I've been wondering the same thing ever since I started learning about Ada. So many of the problems found during OpenBSD code audits would have been found at compile time if written in Ada, since the Ada compiler itself looks for them. As you know, it also keeps track of things during run-time.

>
> 2. Rather than auditing a lot of code, correcting a lot of coding mistakes,
> like the OpenBSD security team has done, and still do, why not shift from C
> to something, just as fast and powerful as C, but more secure? Again like
> Ada. (to completely avoid the possibilities of those errors).

Considering that Ada was written in a language design-competition (and not written by a committee as is the common myth) to replace all the hundreds of languages used in the US military, it has to be able to do everything from low-level system programming to high-level computational computer modeling. The amazing thing is that it does it all so well on the full range of hardware from an anti-tank missile to a Cray.

It also is trivial to write for multiple threads or multiple processors. Set up the program correctly and it will use whatever multi-* is available at run-time with no change in compilation; if no threading or only a single processor is available it will run just fine too.

I haven't been able to find any OS that is written in Ada. There are probably lots of proprietary ones.

Doug.