At 9:46 PM +0200 7/20/06, Florian Weimer wrote: > * Pascal Meunier: > >> But it's true for stupid bugs like buffer overflows and format string >> vulnerabilities, in which we're still swimming, and the proof is the fact >> that those aren't possible in some languages. > > Could you name a few such language implementations? 8-)
Ada ! > In most cases, the components that enforces the absence of buffer > overflows are written in C. Not in VAX/DEC/Compaq/HP Ada, which is the one that I use. But the "components" that enforce the absence of buffer overflows are not written in Bliss (the language of the Ada RTL for that compiler) either. They are in the code that is generated, or the failure to generate that code because the problem was caught at compile time. -- Larry Kilgallen _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
