My final paper for my masters degree was on how some vulnerabilities 
manifest themselves, or fail to manifest, in different programming 
languages. I included C, C++, Java, Perl, and Standard ML. The title 
of the paper is "Implications of Programming Language Selection On 
the Construction of Secure Software Systems." You can find a link to 
it at my work web page:

One of the points I was trying to make in the paper is that the 
security attributes of a programming language were also important to 
take into consideration when selecting a language for a particular 
task. I'm glad that you're incorporating this into your process.


At 1:16 PM +0100 2/4/08, Vincent Verhagen wrote:
>Hi all,
>I was referred to this list by a fellow security consultant for this
>specific question. Please forgive me if this is the wrong forum :)
>We're in the process of creating a kind of handbook for third parties
>that develop web applications for us.
>One (quite extensive, I'm happy to report) chapter will be about
>security and for that I'm looking for a comparison of common
>programming/scripting languages (PHP, C variants, JAVA, etc) their
>specific risks and why or why not to use them.
>Has anyone created such an overview I could use as a basis to work from?
>Thanks in advance!
>Vincent Verhagen
>Simac ICT Netherlands

"If a program has not been specified, it cannot be incorrect; it can 
only be surprising." (Young, Boebert, and Kain)
Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.

Reply via email to