At 9:53 AM +0200 6/8/07, Stephen de Vries wrote:
> On 8 Jun 2007, at 02:23, Steven M. Christey wrote:
>>
>> More modern languages advertise security but aren't necessarily
>> catch-alls.
>
> At the same time, the improvements in security made by managed code
> (e.g. the JRE and .NET runtimes) for example, should not be
> understated. The fact that apps written in these languages are not
> susceptible to buffer overflow issues is a HUGE improvement.

An improvement only for those who have previously chosen lowest
common denominator languages. Immunity from buffer overflows has
been around for 30 years. The fact that some set of developers
choose to ignore the languages that provide it does not make the
next environment that provides it an improvement for the industry.

-- Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________