At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote:
>somebody (else) commented (in the thread) that anybody that currently
>(still) writes code resulting in buffer overflow exploit maybe should be
>thrown in jail.

A nice essay, partially on the need to include technological protections
against human error, included the above paragraph.

IMHO, the problem is that the C language is just too error prone to be used
for most software.  In "Thirty Years Later:  Lessons from the Multics
Security Evaluation",  Paul A. Karger and Roger R. Schell
<www.acsac.org/2002/papers/classic-multics.pdf> credit the use of PL/I for
the lack of buffer overruns in Multics.  However, in the Unix/Linux/PC/Mac
world, a successor language has not yet appeared.

YMMV - Bill


-------------------------------------------------------------------------
Bill Frantz           | Due process for all    | Periwinkle -- Consulting
(408)356-8506         | used to be the         | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.          | Los Gatos, CA 95032, USA



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to