At 9:02 PM +1000 10/13/06, mikeiscool wrote:
>On 10/13/06, Craig E. Ward <[EMAIL PROTECTED]> wrote:
>>At 10:03 AM -0400 10/12/06, ljknews wrote:
>>>At 9:20 AM -0400 10/12/06, Robert C. Seacord wrote:
>>>
I'm also teaching a course at CMU in the spring on Secure Coding in C
and C++.
>>>
>>>Is there participation on this list from the (hopefully larger number of)
>>>CMU instructors who are teaching people to use safer languages in the first
>>>place ?
>>>--
>>>Larry Kilgallen
>>
>>
>>I don't think saying "use safer languages" is a good way to say it.
>>It would help conditions significantly if greater care were taken to
>>match the choice of programming language to the problem to be solved
>>or application to be created. If a language like C is most
>>appropriate, then use it, just be sure to take the extra steps needed
>>to develop it securely.
>>
>>The problem is so much the programming languages as it is the way
>>they are used.
>
>Well, programming languages can go a long way to helping solve the
>problem, and it can be reasonably grey as to where to use what. Should
>I use php or ror? or python? or c#? I'd say there is a very
>appropriate and open space for nice "secure" languages to live and
>develop.
I think that's what I was trying to say. The last sentence of my note
has an error. I meant to write "The problem is not so much the
programming languages as it is the way they are used."
Sorry for the bad proof reading.
Also, in the IEEE Software July/August 2006 issue in the "Tools of
the Trade" department, Diomidis Spinellis discusses several factors
to consider when selecting a programming language for a particular
project. Those plus security make for some reasonable criteria to use.
Craig
--
Internet: [EMAIL PROTECTED]
"If a program has not been specified, it cannot be incorrect; it can
only be surprising." (Young, Boebert, and Kain)
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php