At 3:19 PM -0400 10/12/06, Leichter, Jerry wrote:

> The only way forward is by having the *computer* do this kind of
> thing for us. The requirements of the task are very much like those
> of low-level code optimization: We leave that to the compilers today,
> because hardly anyone can do it well at all, much less competitively
> with decent code generators, except in very special circumstances.
> Code inspection tools are a necessary transitional step - just as
> Purify-like tools are an essential transitional step to find memory
> leaks in code that does manual storage management. But until we can
> figure out how to create safer *languages* - doing for security what
> garbage collection does for memory management - we'll always be
> several steps behind.

It is not adequate to *create* safer languages - it is necessary to
have developers *use* those languages. Given the emphasis on C and
C++ within posts on this list, that seems a long way off.

--
Larry Kilgallen

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php