IMHO, though, any such effort is pointless. The reality is that we're going to be stuck with C/C++, Java, C#, FORTRAN, COBOL, and various interpreted/scripting languages for a very long time. Rather than argue about what makes something good/better, we'd be better off figuring out how to use them more effectively.
The problem is that some people persist in using less-safe languages for new code. When put into a discussion (here) with those who say "Use the best tool", a non-conversation takes place.
If the list were retitled to be "Secure Coding in Unsupportive Languages" or "Secure Coding with Appropriate Languages" then half of us would leave and the rest could actually conduct a discussion.
--
Larry Kilgallen
What are people's opinions of the languages listed above?
Would I be overly controversial in saying:
C/C++: Unsafe (for most people)
Java/C#: Reasonably safe (both provide protection against buffer overflows,
are type safe and provide built-in security mechanisms)
FORTRAN/COBOL: Don't know - my impression is that COBOL is fairly safe
Scripting Languages: Depends on the language. Lack of type safety can be a
problem, but on the other hand they are usually safe from buffer overflows
and the fact that you can do a lot more in fewer lines of code can make the
code safer by making errors more obvious.
Are there other languages in widespread use (i.e., the language must be used
more than - say - Python) that are safer than those listed above?
Nick
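As an added illustration of the distinction Nick draws between C/C++ and Java/C# (this is example code written for this page, not from either poster): a Java or C# array carries its length and rejects an out-of-range index at runtime, whereas a plain C array write has no such check. The `bounded_buf` type below is a constructed, hypothetical helper that puts an explicit length next to the storage and makes every write and read go through a check, which is the discipline a C programmer has to supply by hand to get what the managed languages give for free.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Capacity of the constructed example buffer. */
#define BUF_CAP 8

/* A fixed-size buffer that carries its own length, so writes and reads
 * can be checked against the capacity. This mimics, in C, the runtime
 * bounds check that Java and C# arrays perform automatically.
 * (Hypothetical helper written for this illustration.) */
typedef struct {
    uint8_t data[BUF_CAP];
    size_t len;   /* number of bytes currently in use */
} bounded_buf;

/* The idiom as it is usually written in C: the array does not know its
 * own size, so nothing here can verify that idx is in range. An
 * out-of-range idx is undefined behaviour and may corrupt neighbouring
 * memory without any diagnostic. Shown only for comparison; the checked
 * functions below are the form to use. */
static void unchecked_put(uint8_t *buf, size_t idx, uint8_t v) {
    buf[idx] = v;
}

/* Checked write: refuses any index at or beyond the capacity and reports
 * the refusal to the caller instead of writing out of bounds. */
static bool checked_put(bounded_buf *b, size_t idx, uint8_t v) {
    if (idx >= BUF_CAP) {
        return false;           /* what Java/C# would raise as an exception */
    }
    b->data[idx] = v;
    if (idx >= b->len) {
        b->len = idx + 1;       /* grow the in-use region to cover the write */
    }
    return true;
}

/* Checked append: copies n bytes only if they all fit after the current
 * contents. Returns the new length, or -1 if the append would overflow.
 * Refusing (rather than silently truncating) keeps the caller informed. */
static int bounded_append(bounded_buf *b, const uint8_t *src, size_t n) {
    if (n > BUF_CAP - b->len) {
        return -1;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return (int)b->len;
}

/* Checked read: returns the byte at idx, or -1 if idx is past the bytes
 * actually written (reading uninitialised storage is also an error). */
static int checked_get(const bounded_buf *b, size_t idx) {
    if (idx >= b->len) {
        return -1;
    }
    return b->data[idx];
}
```

The point of the example is the return values: every function either succeeds or says that it refused, so an out-of-range index becomes an ordinary error the caller must handle, rather than a silent memory corruption. `unchecked_put` is kept only so the two forms can be read side by side.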