> Date: Fri, 17 Jul 1998 15:49:02 -0700
> From: Craig Spannring <ctsat_private>
>
> The responses I've gotten can be grouped into the following broad
> categories-
>
> 1) Life would be good if we eliminated C and we will.
> 2) Life would be good if we eliminated C, but we can't.
> 3) C is the only language fast enough.
> 3) Eliminating buffer overflows is nice, but won't solve most of
>    the problems.
> 3) You can write safe code in C using strncpy, snprintf, et al.
> 4) Only morons write code with buffer overflows
> 5) Modula-2 and Ada suck and you do you.

You missed one:

5) Modula-2 and Ada are just as insecure if you turn off array bounds
   checking.

The language is not the problem; it's the absence of array bounds
checking. There are a number of C compilers that will check your
bounds for you, there's even a modified gcc that will do this.

--
Geoff Keating <Geoff.Keatingat_private>
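The point made in the message above, that the missing bounds check rather than the language is what permits the overflow, shown as an added example in C; it is not part of the original post and is not the code of the modified gcc it mentions. The names checked_buf, checked_store, checked_strcpy, frame and demo are hypothetical, and the check is written out by hand where a bounds-checking compiler would insert it.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical "fat pointer": base address plus size, the information a
   bounds-checking compiler has to keep for each array object. */
typedef struct {
    char  *base;
    size_t len;
} checked_buf;

/* Checked store: 0 on success, -1 if idx lies outside the object. */
static int checked_store(checked_buf buf, size_t idx, char c)
{
    if (idx >= buf.len)
        return -1;
    buf.base[idx] = c;
    return 0;
}

/* strcpy with every store checked, including the terminating NUL.
   Returns bytes written, or -1 at the first out-of-bounds store. */
static long checked_strcpy(checked_buf dst, const char *src)
{
    size_t i = 0;
    do {
        if (checked_store(dst, i, src[i]) != 0)
            return -1;
    } while (src[i++] != '\0');
    return (long)i;
}

/* Constructed sample: an 8-byte buffer with a neighbouring field. */
struct frame { char name[8]; char guard[8]; };

static int demo(const char *input)
{
    struct frame f = { "", "GUARD" };
    checked_buf name = { f.name, sizeof f.name };
    long n = checked_strcpy(name, input);
    if (memcmp(f.guard, "GUARD", 6) != 0)
        return -2;               /* neighbouring field was overwritten */
    return n < 0 ? -1 : (int)n;
}

int main(void)
{
    printf("short: %d  long: %d\n", demo("geoff"), demo("AAAAAAAAAAAAAAAA"));
    return 0;
}
```

A refused copy leaves the destination partially written and unterminated, so the caller has to treat -1 as a hard failure rather than use the buffer.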