I don't think saying "use safer languages" is a good way to say it.
It would help conditions significantly if greater care were taken to
match the choice of programming language to the problem to be solved
or application to be created. If a language like C is most
appropriate, then use it, just be sure to take the extra steps needed
to develop it securely.
I agree that the programming language should be chosen to match the problem, though it's worth pointing out that security is typically part of the problem to be solved. There are safer systems programming languages than C, such as D and Cyclone. If you've considered the alternatives and you really have to use C because it's the only thing that will do, then yes, use it and be sure to use it securely and verify that fact with static analysis tools and code reviews.
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
