Nils, this is almost the same as answering the question "what is the best 
programming language". The answer isn't X or Y, it is "well what is the program 
supposed to do". If your answer is always Java, please tell me how you are 
going to write Java code for a device driver that executes during early boot, 
including when memory isn't initialized yet. Don't think Java will fit :)

You select the best tool for the job and use that. We have to get programmers 
to understand that one tool doesn't fit all and one way of validating and 
formatting input doesn't work either. 

But we HAVE to make this easier to use and understand, with some very EXPLICIT 
helps to get people moving.

David Grawrock
Security Architect
503 264 3642

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Nils Dagsson Moskopp
Sent: Monday, November 25, 2013 12:36 PM
To: [email protected]
Cc: [email protected]
Subject: Re: [langsec-discuss] LangSec Workshop at IEEE SPW 2014, Sun May 18, 2014

[email protected] wrote on Mon, 25 Nov 2013 10:20:39 -0800:

> […]
>
> The hard part is going to be spending the time and effort to integrate 
> with those framework/library/language teams and get your stuff in 
> there and up-to-date.  And that's where most solutions fail.  But that's 
> exactly the same difficulty that the developers face in integrating 
> your work into their apps.
> 
> Not saying it's right, just that that's how it is.  For the best 
> security, we need to minimize the cost of using the systems.

Unfortunately, few things prevent a mediocre programmer from writing a quick hack 
that subverts the purpose of software designed to avoid systemic failure. 
Exhibit A: handlebars.js, <http://handlebarsjs.com/> which manages to introduce 
logic into (logic-less) mustache templates 
<http://mustache.github.io/mustache.5.html>.

Having talked to proponents of e.g. Ruby on Rails and JavaScript, I am now 
firmly convinced that hipster programmers are – by and large – not interested 
in systems that work well or are easy to use, but systems that are either 
popular or give a distinction (ego) benefit. Exhibit B:
“Power users” who complain that any system unfamiliar to them is hard to use, 
yet “grudgingly” accept the countless annoying idiosyncrasies of their 
preferred “solution”. In the end, programming is pop culture.

--
Nils Dagsson Moskopp // erlehmann
<http://dieweltistgarnichtso.net>
_______________________________________________
langsec-discuss mailing list
[email protected]
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
