>> [...] the majority of computer security holes are buffer overruns.
>> These would be minor irritations but for the world's addiction to
>> the weakly typed programming languages C and its derivative C++.

Well, actually, but for the world's addiction to sloppy coding.

It's entirely possible to avoid buffer overflows in C; it just requires
a little care in coding.  C's major failing in this regard - and I
don't actually consider it all that major - is that it doesn't provide
any tools to help.  It assumes that you the programmer know what you're
doing, and the mismatch between that and the common reality is where
the problem actually comes from.

All that a "better" language will bring you in this regard is that it
will (a) push the sloppiness into places the compiler can't check and
(b) change the ways things break when confronted with input beyond the
design underlying their code.

Now, admittedly, (b) may be worth doing, other things being equal
(which of course they never really are).  But the basic problem is
sloppy code, not the language in which it's written.  (Well, most of
it.  People do make mistakes - but while some buffer overflows are due
to someone trying to do it right and making a mistake, most of them
come from not even trying.  Limit it to exploitable overflows and the
proportion is even higher.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
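
An added example, not part of the original message: one shape the "little care in coding" can take when C code handles untrusted input, with every length checked against both the source and the destination before any copy. The record format, names and size limit are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD_MAX 64  /* design limit chosen for this example */

/* Hypothetical wire format: 1-byte type, 16-bit big-endian length, payload. */
struct record {
    uint8_t  type;
    uint16_t len;
    uint8_t  payload[PAYLOAD_MAX];
};

enum parse_status { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_TOO_BIG = -2, PARSE_BAD_ARG = -3 };

/* Parse one record from an untrusted buffer. Never reads past in[inlen - 1]
 * and never writes past out->payload[PAYLOAD_MAX - 1]; input beyond the
 * design is reported to the caller instead of being copied. */
enum parse_status parse_record(const uint8_t *in, size_t inlen, struct record *out)
{
    if (in == NULL || out == NULL)
        return PARSE_BAD_ARG;
    if (inlen < 3)                      /* the header itself must be present */
        return PARSE_SHORT;

    /* The length field is attacker-controlled: treat it as a claim. */
    size_t claimed = ((size_t)in[1] << 8) | in[2];

    if (claimed > PAYLOAD_MAX)          /* would overflow the destination */
        return PARSE_TOO_BIG;
    if (claimed > inlen - 3)            /* would read past the source */
        return PARSE_SHORT;

    out->type = in[0];
    out->len = (uint16_t)claimed;
    memcpy(out->payload, in + 3, claimed);
    return PARSE_OK;
}

int main(void)
{
    /* Constructed input: claims 0xFFFF payload bytes but carries two. */
    static const uint8_t hostile[] = { 0x01, 0xFF, 0xFF, 'h', 'i' };
    struct record r;
    return parse_record(hostile, sizeof hostile, &r) == PARSE_TOO_BIG ? 0 : 1;
}
```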

