> At 11:45 PM +0100 11/2/07, Florian Weimer wrote:
>>> My limited exposure to Cobol makes me think it is as unlikely to have
>>> a buffer overflow as PL/I or Ada.
>> Usually, Ada programmers switch off bounds checking before shipping
>> code.  I don't know why Ada has such a reputation for robustness.
> Can you provide a pointer to the study showing that ?

A lot of programmers used to follow the example of GNAT's run-time
library, which is compiled with -gnatp, turning off bounds checks (among
others). There's also a certain influence from the certification crowd
who detests dead code.

But it seems that there's been a move away from -gnatp during the last
couple of years.  I hadn't noticed this.  Thanks.
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to