> >IMHO, though, any such effort is pointless. The reality is > that we're going > >to be stuck with C/C++, Java, C#, FORTRAN, COBOL, and various > >interpreted/scripting languages for a very long time. > Rather than argue > >about what makes something good/better, we'd be better off > figuring out how > >to use them more effectively. > > The problem is that some people persist in using less-safe > languages for > new code. When put into a discussion (here) with those who > say "Use the > best tool", a non-conversation takes place. > > If the list were retitled to be "Secure Coding in > Unsupportive Languages" > or "Secure Coding with Approprate Languages" then half of us > would leave > and the rest could actually conduct a discussion. > -- > Larry Kilgallen >
What are peoples opinions of the languages listed above? Would I be overly controversial in saying: C/C++: Unsafe (for most people) Java/C#: Reasonably safe (both provide protection against buffer overflows, are type safe and provide built-in security mechanisms) FORTRAN/COBOL: Don't know - my impression is that COBOL is fairly safe Scripting Languages: Depends on the language. Lack of type safety can be a problem, but on the other hand they are usually safe from buffer overflows and the fact they you can do a lot more in fewer lines of code can make the code safer by making errors more obvious. Are there other languages in widespread use (ie, the language must be used more than - say - Python) that are safer than those listed above? Nick
