At 9:51 PM +0100 6/9/07, David Crocker wrote:

> If instead we pay people to perform the more skilled tasks of establishing
> requirements and specifying the systems to meet them, and use computers to
> generate programs that meet the specifications, then such things as freedom 
> from
> buffer overflow come free of charge. By "freedom" here, I don't mean the sort 
> of
> freedom that comes in "safe" languages such as Ada and Java - in which the
> buffer overflow raises an exception, probably requiring a restart of the
> subsystem

In my experience with Ada 83, the potential for buffer overflow is detected
at compile time.  When I get an unexpected runtime exception, it is almost
always at the interface to another language.
Larry Kilgallen
Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.

Reply via email to