* Crispin Cowan:
I'm with you on the C and C++ argument, but what is immature about Java?
I thought Java was a huge step forward, because for the first time, a
statically typesafe language was widely popular.
Java is not statically typesafe, see the beloved ArrayStoreException
(and
At 2:18 PM + 1/2/07, Peter Amey wrote:
[snip]
Isn't the whole basis of Spark a matter of adding proof
statements in the comments ? I don't think the general
compiler marketplace would go for that built-in to compilers.
After all:
1. The Praxis implementation can be used
[snip]
Isn't the whole basis of Spark a matter of adding proof
statements in the comments ? I don't think the general
compiler marketplace would go for that built-in to compilers.
After all:
1. The Praxis implementation can be used with multiple compilers
2. The
which invalidates
the above.
-Original Message-
From: Temin, Aaron L. [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 21, 2006 1:38 PM
To: McGovern, James F (HTSC, IT); Secure Coding
Subject: RE: [SC-L] Compilers
It would be worth knowing more about the basis you use for drawing
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: 02 January 2007 14:20
To: Secure Coding
Subject: Re: [SC-L] Compilers
At 2:18 PM + 1/2/07, Peter Amey wrote:
[snip]
We think so! However, like everything else
| ...P.S. Please watch for the unfortunate word wrap in the URL of my
| original post. The broken link still works but goes to thw wrong place!
Now, *there's* an interesting hazard! One can imagine some interesting
scenarios where this could be more than unfortunate. At the least,
it could be
| I _strongly_ encourage development with maximal warnings turned on.
| However, this does have some side-effects because many compilers
| give excessive spurious warnings. It's especially difficult to
| do with pre-existing code (the effort can be herculean).
Agreed. Writing for maximum freedom
* Crispin Cowan:
ljknews wrote:
2. The compiler market is so immature that some people are still
using C, C++ and Java.
I'm with you on the C and C++ argument, but what is immature about Java?
I thought Java was a huge step forward, because for the first time, a
statically
I _strongly_ encourage development with maximal warnings turned on.
However, this does have some side-effects because many compilers
give excessive spurious warnings. It's especially difficult to
do with pre-existing code (the effort can be herculean).
An interesting discussion about warning
Tim Hollebeek [mailto:[EMAIL PROTECTED] wonders:
are shops that insist on warning free compiles really that rare?
Yes. I've worked for or with many companies over the years, totalling probably
somewhere in the mid-teens or so. In all that, there was, to the best of my
recollection, only
However, not
all of the kinds of things should be put in the compiler (how
many coders do you know that use the -Wall??!).
All the decent ones??? I remember people talking about Warning
free with -Wall as a minimal requirement, and personally using
that standard, over 15 years ago. And
ljknews wrote:
2. The compiler market is so immature that some people are still
using C, C++ and Java.
I'm with you on the C and C++ argument, but what is immature about Java?
I thought Java was a huge step forward, because for the first time, a
statically typesafe language
On 12/22/06, Gary McGraw [EMAIL PROTECTED] wrote:
I have a better idead. Stop using C++. Jeeze.
Even better then that; stop programming insecurely.
gem
*rolleyes*
-- mic
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List
On 12/21/06, Gary McGraw [EMAIL PROTECTED] wrote:
I have a better idead. Stop using C++. Jeeze.
I'll second that recommendation. Given the abundance of better languages,
there are few good reasons to use dangerous languages like C++ on new
projects. It's easier and less time consuming to
On 12/21/06, Stephen de Vries [EMAIL PROTECTED] wrote:
You can achieve very similar goals by using unit tests. Although the
tests are not integrated into the code as tightly as something like
Spark (or enforcing rules in the compiler), they are considered part
of the source. IMO unit and
-
From: McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED]
Sent: Thu Dec 21 10:47:50 2006
To: Secure Coding
Subject:[SC-L] Compilers
I have been noodling the problem space of secure coding after attending a
wonderful class taught by Ken Van Wyk. I have been casually checking out
Sure it should be built into the language, and I assume it will be
eventually. Heck it only took 30 or 40 years for people to force developers
to use Try...Catch blocks.
-gp
On 12/21/06 9:30 AM, McGovern, James F (HTSC, IT)
[EMAIL PROTECTED] wrote:
I have been noodling the problem space of
McGovern, James F \(HTSC, IT\)
I have been noodling the problem space of secure coding after attending
a wonderful class taught by Ken Van Wyk. I have been casually checking
out Fortify, Ounce Labs, etc and have a thought that this stuff should
really be part of the compiler and not a
18 matches
Mail list logo
