At 9:51 PM +0100 6/9/07, David Crocker wrote: > If instead we pay people to perform the more skilled tasks of establishing > requirements and specifying the systems to meet them, and use computers to > generate programs that meet the specifications, then such things as freedom > from > buffer overflow come free of charge. By "freedom" here, I don't mean the sort > of > freedom that comes in "safe" languages such as Ada and Java - in which the > buffer overflow raises an exception, probably requiring a restart of the > subsystem
In my experience with Ada 83, the potential for buffer overflow is detected at compile time. When I get an unexpected runtime exception, it is almost always at the interface to another language. -- Larry Kilgallen _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
