RE: [SC-L] Programming languages used for security

2004-07-13 Thread Nick Lothian
Does anyone have pointers to articles on designing API's so that they are easy to use securely? Not specifically related to security, but http://www.cafeconleche.org/XOM/designprinciples.xhtml#d0e161 is one of the better things I've seen about designing APIs. Nick

RE: [SC-L] Programming languages -- the third rail of secure coding

2004-07-21 Thread Nick Lothian
I'd also point out that if it's languages you're trying to list, JavaScript arguably should not have a separate entry from Java Yes it should - they are substantially different languages, even if we look at them only syntactically. You could argue that Javascript should be listed as

RE: [SC-L] Programming languages -- the third rail of secure

2004-08-01 Thread Nick Lothian
IMHO, though, any such effort is pointless. The reality is that we're going to be stuck with C/C++, Java, C#, FORTRAN, COBOL, and various interpreted/scripting languages for a very long time. Rather than argue about what makes something good/better, we'd be better off figuring out how