At 3:19 PM -0400 10/12/06, Leichter, Jerry wrote:

> The only way forward is by having the *computer* do this kind of
> thing for us.  The requirements of the task are very much like those
> of low-level code optimization:  We leave that to the compilers today,
> because hardly anyone can do it well at all, much less competitively
> with decent code generators, except in very special circumstances.
> Code inspection tools are a necessary transitional step - just as
> Purify-like tools are an essential transitional step to find memory
> leaks in code that does manual storage management.  But until we can
> figure out how to create safer *languages* - doing for security what
> garbage collection does for memory management - we'll always be
> several steps behind.

It is not adequate to *create* safer languages - it is necessary to
have developers *use* those languages.  Given the emphasis on C and
C++ within posts on this list, that seems a long way off.
-- 
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
