At 9:02 PM +1000 10/13/06, mikeiscool wrote:
>On 10/13/06, Craig E. Ward <[EMAIL PROTECTED]> wrote:
>>At 10:03 AM -0400 10/12/06, ljknews wrote:
>>>At 9:20 AM -0400 10/12/06, Robert C. Seacord wrote:
>>>>   I'm also teaching a course at CMU in the spring on Secure Coding in C
>>>>   and C++.
>>>Is there participation on this list from the (hopefully larger number of)
>>>CMU instructors who are teaching people to use safer languages in the first
>>>place ?
>>>Larry Kilgallen
>>I don't think saying "use safer languages" is a good way to say it.
>>It would help conditions significantly if greater care were taken to
>>match the choice of programming language to the problem to be solved
>>or application to be created. If a language like C is most
>>appropriate, then use it, just be sure to take the extra steps needed
>>to develop it securely.
>>The problem is so much the programming languages as it is the way
>>they are used.
>Well, programming languages can go a long way to helping solve the
>problem, and it can be reasonably grey as to where to use what. Should
>I use php or ror? or python? or c#? I'd say there is a very
>appropriate and open space for nice "secure" languages to live and

I think that's what I was trying to say. The last sentence of my note 
has an error. I meant to write "The problem is not so much the 
programming languages as it is the way they are used."

Sorry for the bad proof reading.

Also, in the IEEE Software July/August 2006 issue in the "Tools of 
the Trade" department, Diomidis Spinellis discusses several factors 
to consider when selecting a programming language for a particular 
project. Those plus security make for some reasonable criteria to use.

"If a program has not been specified, it cannot be incorrect; it can 
only be surprising." (Young, Boebert, and Kain)
Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -

Reply via email to