> At 11:45 PM +0100 11/2/07, Florian Weimer wrote:
>
>>> My limited exposure to Cobol makes me think it is as unlikely to have
>>> a buffer overflow as PL/I or Ada.
>>
>> Usually, Ada programmers switch off bounds checking before shipping
>> code. I don't know why Ada has such a reputation for robustness.
>
> Can you provide a pointer to the study showing that?

A lot of programmers used to follow the example of GNAT's run-time library, which is compiled with -gnatp, turning off bounds checks (among others). There's also a certain influence from the certification crowd who detests dead code. But it seems that there's been a move away from -gnatp during the last couple of years.

I hadn't noticed this. Thanks.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________