From: Tracy R Reed <[EMAIL PROTECTED]>
I think this is a good argument for writing security sensitive apps in a
higher level language, especially a functional language. It seems like
it is much easier to verify the code and you only have to worry about
the compiler at that point.
You also cut the number of qualified auditors by a factor of 10. Functional
languages didn't catch on for a good reason- they're hard to understand and
hard to write in. They don't work the way most people think. I'd put 2:1
that doing it would make things worse- you'd be introducing a ton of bugs
from people who don't write good functional code, and likely taking 3-4
times the amount of time to write it. This includes myself, and I'm not a
stupid person- functional programming is just counter-intuitive to me, and
procedural makes sense.
I still have nightmares aboout making the return types of the if and else
statements of ML match.
Gabe
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
