I am hard put to find an example of a language feature which makes a system more secure but less safe or vice versa, in any context. Can anyone else think of one?
Dynamic type checking (or any kind of run-time fail-stop checking) enhances security (attacks are halted) but degrades reliability (processes that might live with a harmlessly inconsistent state may be halted).
Now, that is in isolation, considering only the language impact on an individual process, in response to Jim/Mary's question. Of course you can compose fail-stop mechanisms with redundancy techniques to achieve strong availability in the presence of weak individual process reliability. In fact, it is much easier to achieve high availability in the presence of fail-stop failure modes instead of Byzantine failure modes.
Crispin
-- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com Immunix 7.3 http://www.immunix.com/shop/
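
The composition described in the message above, as an added example that is not part of the original post: replicas whose faults are fail-stop can be masked by plain failover, while replicas that answer wrongly need a majority vote and therefore more copies. All function names and values are constructed for illustration.

```python
from collections import Counter

class Halted(Exception):
    """A run-time check fired and the replica stopped without answering."""

def healthy(x):
    return x * 2

def fail_stop_faulty(x):
    # Internal state is corrupt, but a run-time check catches it and halts.
    raise Halted("run-time check failed")

def byzantine_faulty(x):
    # Same corruption with no check: the replica answers, and the answer is wrong.
    return x * 2 + 1

def failover(replicas, x):
    """Trust the first replica that answers. Sound only if faults are fail-stop."""
    for replica in replicas:
        try:
            return replica(x)
        except Halted:
            continue  # a halted replica is skipped, the next one takes over
    raise RuntimeError("no replica available")

def majority_vote(replicas, x):
    """Accept a value only if a strict majority of all replicas agree on it."""
    answers = []
    for replica in replicas:
        try:
            answers.append(replica(x))
        except Halted:
            pass  # a halted replica casts no vote
    if not answers:
        raise RuntimeError("no replica available")
    value, count = Counter(answers).most_common(1)[0]
    if count * 2 <= len(replicas):
        raise RuntimeError("no majority")
    return value

if __name__ == "__main__":
    # One fault, two replicas: failover is enough when the fault is fail-stop.
    print(failover([fail_stop_faulty, healthy], 21))
    # The same layout silently returns a wrong value when the fault is Byzantine.
    print(failover([byzantine_faulty, healthy], 21))
    # Masking one Byzantine fault takes three replicas and a vote.
    print(majority_vote([byzantine_faulty, healthy, healthy], 21))
```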
