> Hi.
> 
> I address this issue on this list, because a lot of people here are
> very skillful C programmers.
> 
> When looking at some of the different "reasons for security problems"
> such as:
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/
> 
> I can't help wondering why so much software is being developed using C.
> 
> To conclude my study I appreciate any help on the following questions:
> 
> 1. If security is a major concern, or perhaps The Main Concern, why
> not use Ada? I specifically mention Ada since one of the most
> security-demanding industries is building aircraft, and they use Ada.

You are right, Ada is widely used in avionics, aerospace and defence
systems, systems that demand a VERY high level of security and safety
regarding lives and expensive equipment. And Ada is specifically
designed for embedded systems too.

It is my understanding that C is the hacker's tool while Ada is the tool
of the engineer. I think it is mostly because of tradition.

You find Ada in almost all of Boeing's airplanes, and in most industry
critical systems. Ada was written with compile-time protection against
bugs such as buffer overflows and so on.

But like many have stated, what makes programs good and secure is the
programmer, but IMHO the tools and languages are important too.

You cannot use something like C in a really security-demanding
situation, and here I think about human lives, like in spacecraft.
A simple buffer overflow might crash the plane, and you have to have
some way of eliminating that completely. That is why Ada was designed
the way it was. You can read about the history of Ada on Wikipedia.

Why so much is written in C on Unix-like systems, I think it's mainly
tradition. IMO Ada would be much better from a security point of view.

> 2. Rather than auditing a lot of code, correcting a lot of coding
> mistakes, like the OpenBSD security team has done, and still does, why
> not shift from C to something just as fast and powerful as C, but
> more secure? Again like Ada (to completely avoid the possibility
> of those errors).

Some have stated that "the speed of C comes, among other things, from the
lack of security checks and by allowing potentially unsafe operations."

But that's not the reason. You just cannot do it in Ada instead, you
have to re-write the OS. OpenBSD, like other BSDs, is written in C. To
use Ada instead you have to re-write the kernel and base system and so
on.

You talk about what the OpenBSD security team are doing, and this means
that you are talking about the kernel and base system, not ports and
packages. The kernel and base system are in C.

I agree that it would be better if OpenBSD or any other system for that
matter was written in Ada rather than C, and they could just as well,
but re-writing something as huge as OpenBSD is a MAJOR task, and what
would the real benefits be in this situation? 

The OpenBSD team knows exactly what they are doing, hence the extra
security of Ada becomes almost unnecessary, but again I agree, had
OpenBSD been in Ada from day one, that would have saved them a LOT of time!
Bugs would be caught at compile time and bad coding would almost be
eliminated.

> 3. Are there any real benefits in using C++ over C regarding
> security? Is C++ really "better" from a security perspective?

You didn't ask this, but there is certainly no benefit in using C or
C++ over Ada, regarding security or other issues. Whatever you can do in C
and C++ you can do in Ada, but the Ada code is much better because it
is so much easier to read and thus easier to maintain, and the
result is a hundred times safer. This has been clearly proven in
the industry over the past two decades. Just ask Boeing or NASA :-)

Whether there are any benefits in using C++ over C from a security
perspective, IMO not really. C++ has some "better" ways to do some
things to prevent some of the "errors" of C, but then it has its own
problems. The language is bloated with functions, it is constantly
changing, making backwards compatibility difficult, and really... It's
just C "and then some" more crap. You cannot beautify what is
born "ugly".

Rico Secada.
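The bounds protection the reply attributes to Ada, shown as an added example that is not part of the thread: a distinct index type makes an Integer subscript a compile-time error, and a checked conversion turns an oversized copy into a Constraint_Error instead of a silent overflow. Names (Bounds_Demo, Copy_In) are hypothetical; assumes a GNAT build with checks enabled (the default).

```ada
--  Added example, not from the mailing-list thread.
--  Build with: gnatmake bounds_demo.adb
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Bounds_Demo is
   type Index  is range 1 .. 8;                 --  the only legal subscripts
   type Buffer is array (Index) of Character;   --  8-byte "buffer"

   Buf : Buffer := (others => ' ');

   --  Copy Src into Buf.  Every subscript goes through a checked
   --  conversion to Index, so a source longer than 8 characters raises
   --  Constraint_Error on the 9th element instead of writing past Buf.
   procedure Copy_In (Src : String) is
   begin
      for K in Src'Range loop
         Buf (Index (K - Src'First + 1)) := Src (K);
      end loop;
   end Copy_In;

   procedure Show is
   begin
      for C of Buf loop
         Put (C);
      end loop;
      New_Line;
   end Show;
begin
   --  Compile-time catch: a plain Integer cannot subscript Buffer at all.
   --  Uncommenting the next two lines yields
   --    expected type "Index" ... found type "Standard.Integer"
   --  N : Integer := 9;
   --  Buf (N) := 'X';

   Copy_In ("ABCDEFGH");      --  exactly 8 characters: fits
   Show;

   Copy_In ("ABCDEFGHIJ");    --  10 characters: 9th write is rejected
   Show;                      --  not reached
exception
   when E : Constraint_Error =>
      Put_Line ("overflow stopped: " & Exception_Message (E));
      Show;                  --  Buf still holds only the 8 checked writes
end Bounds_Demo;
```

With checks suppressed (pragma Suppress or -gnatp) the runtime guard disappears, so the compile-time type separation is the part that survives regardless of build flags.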
