Crispin Cowan wrote: >> For me, the enemy in the room is C++. It gives you the safety of C with the performance of SmallTalk. There is no excuse at all to be writing anything in C++ yet vastly too many applications are written in C++ anyway. Instead of trying to coax developers to switch from C++ to something "weird" like SML, lets encourage them to switch to Java or C#, which are closer to their experience. <<
Unfortunately, there are at least two situations in which C++ is a more suitable alternative to Java and C#: - Where performance is critical. Run time of C# code (using the faster .NET 2.0 runtime) can be as much as double the run time of a C++ version of the same algorithm. Try telling a large company that it must double the size of its compute farms so you can switch to a "better" programming language! - In hard real-time applications where garbage collection pauses cannot be tolerated. However, I suspect that most security-critical programs do not fall into either of these categories, so C# or Java would indeed be a better choice than C++ for those programs. David Crocker, Escher Technologies Ltd. Consultancy, contracting and tools for dependable software development www.eschertech.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php