Re: [SC-L] Programming language comparison?

2008-02-06 Thread Shea, Brian A
or deciding on my coding language. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ljknews Sent: Tuesday, February 05, 2008 8:37 PM To: sc-l@securecoding.org Subject: Re: [SC-L] Programming language comparison? At 4:44 PM -0500 2/5/08, Steven M. Christey wrote

Re: [SC-L] Programming language comparison?

2008-02-05 Thread Vincent Verhagen
Gentlemen, Thanks for the contributions to my question. They've been helpful! Vincent Vincent Verhagen wrote: Hi all, I was referred to this list by a fellow security consultant for this specific question. Please forgive me if this is the wrong forum :) We're in the process of creating

Re: [SC-L] Programming language comparison?

2008-02-05 Thread ljknews
At 4:41 PM -0500 2/4/08, Steven M. Christey wrote: On Mon, 4 Feb 2008, Robert A. Martin wrote: You still need to add to that issues that apply to all languages versus these lists of language specific weaknesses and C and C++ have significant overlap given their relationship. There is an

Re: [SC-L] Programming language comparison?

2008-02-05 Thread Steven M. Christey
On Mon, 4 Feb 2008, ljknews wrote: (%s to fill up disk or memory, anybody?), so it's marked with All and it's not in the C-specific view, even though there's a heavy concentration of format strings in C/C++. It is marked as All ? What is the construct in Ada that has such a

Re: [SC-L] Programming language comparison?

2008-02-05 Thread ljknews
At 4:44 PM -0500 2/5/08, Steven M. Christey wrote: On Mon, 4 Feb 2008, ljknews wrote: (%s to fill up disk or memory, anybody?), so it's marked with All and it's not in the C-specific view, even though there's a heavy concentration of format strings in C/C++. It is marked as All

[SC-L] Programming language comparison?

2008-02-04 Thread Vincent Verhagen
Hi all, I was referred to this list by a fellow security consultant for this specific question. Please forgive me if this is the wrong forum :) We're in the process of creating a kind of handbook for third parties that develop web applications for us. One (quite extensive, I'm happy to report)

Re: [SC-L] Programming language comparison?

2008-02-04 Thread Robert A. Martin
Hi Vincent, While not an overview, you can find language specific weaknesses for C, Java, C++, and PHP on the Other Views page of the Common Weakness Enumeration (CWE) Project (see http://cwe.mitre.org/data/other.html). The List items give the names of the issues, the Slice gives a