Re: [SC-L] Building Security In vs Auditing

2007-01-04 Thread Paco Hope
Gary, I would love a little refinement of the benefits to badnessometers. Let's say I get a tool to tell me something I already suspect is wrong, what percentage of the population are better than they expected? I won't speak for Gary, but working a few doors down I have seen a few of the same

Re: [SC-L] Compilers

2007-01-04 Thread Florian Weimer
* Crispin Cowan: I'm with you on the C and C++ argument, but what is immature about Java? I thought Java was a huge step forward, because for the first time, a statically typesafe language was widely popular. Java is not statically typesafe, see the beloved ArrayStoreException (and