[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] automated vulnerability testing
- To: "'Peter Moody'" <peter@ucsc.edu>, <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] automated vulnerability testing
- From: "Bill Royds" <full-disclosure@royds.net>
- Date: Sat, 29 Nov 2003 15:11:02 -0500
Only a good programmer can write safe C.
Most programmers are not good programmers.
Therefore most C code is not safe and should not be trusted.
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Peter Moody
Sent: November 29, 2003 12:52 PM
To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] automated vulnerability testing
> your programmer must be perfect to guarantee security. C is best used for
> low level programming where one needs to be close to the hardware
> (programming in the small). It is not good for large applications where
> modularity and flexibility are more important ( programming in the large).
and for large applications where the programmer needs to be close to the
hardware (programming in the?). like the 3.5 million lines of C code
that comprise the linux kernel...
I'm sick of lazy programmers who keep complaining how C doesn't hold
your hand VB or some crap. The language does not the coder make. A
good programmer will be able to make lisp, C, smalltalk (etc. etc.) do
what they need it to.
--
Peter Moody <peter@ucsc.edu>
Information Security Administrator 831/459.5409
Communications and Technology Services. UC, Santa Cruz.
http://security.ucsc.edu/pgp/peter.moody.pub
:wq
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html