D has a few language features that help to minimize exploits:
- slices
- bounds checking
- more restrict type checking
- GC
- reference parameters
- proper strings
- security layers among modules (system, trusted, safe)
Most C and C++ security exploits are due to:
- pointer arithmetic
- null terminated strings
- lack of bounds checking on array access
- usage of pointers to change input arguments
Sure enough, static analysis tools can help, but not everyone
makes
use of them. Note that C++ library can help, but requires that
the developers
play by the rules.
But no language is 100% full proof. You still need to take care
data
is properly handled (SQL, passwords, etc) and if the OS does
not provide
the proper security mechanisms, you can still tweak the
assembly code.
--
Paulo
So if the causes of most C and C++ security exploits have been
addressed in D and D makes it difficult to write insecure code,
what exploits are still possible in D? Have the most serious and
numerous bugs been made unlikely in D? Does anybody know if D
makes new classes of bugs possible?
If I was comparing a C/C++ OS versus an identical OS written in
D, do you have estimates for many fewer bugs the D OS will have?
20% fewer minor bugs? 50% fewer critical bugs? Is that even the
right question to ask?
