At 9:16 AM -0400 6/10/07, Robert C. Seacord wrote:
> ljknews,
> Yes, it is virtually impossible to get a serious runtime error in an Ada
> program.  For example:

It amazes me that someone in a discussion of software security would point
to a page that requires Javascript to be viewed.

But I see the topic of the page was Ariane 5, a well known case of running
software in an environment other than that specified in the design of the

That is a management issue - my comments were about buffer overflows,
as were the comments of David Crocker which I quoted.  If you have
secret knowledge that the Ariane 5 failure was related to buffer
overflows, please share it.

Not reading what was going on, in fact, was the cause of the Ariene 5

>> At 9:51 PM +0100 6/9/07, David Crocker wrote:
>>> If instead we pay people to perform the more skilled tasks of establishing
>>> requirements and specifying the systems to meet them, and use computers to
>>> generate programs that meet the specifications, then such things as freedom 
>>> from
>>> buffer overflow come free of charge. By "freedom" here, I don't mean the 
>>> sort of
>>> freedom that comes in "safe" languages such as Ada and Java - in which the
>>> buffer overflow raises an exception, probably requiring a restart of the
>>> subsystem
>> In my experience with Ada 83, the potential for buffer overflow is detected
>> at compile time.  When I get an unexpected runtime exception, it is almost
>> always at the interface to another language.

Larry Kilgallen
Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.

Reply via email to