It's Time to Abandon Insecure Languages

Jay D. Dyson jdyson at treachery.net
Fri Jul 19 16:26:35 EDT 2002 

On 18 Jul 2002, David Wagner wrote:

> > Let us not forget Ada.  My wife's been coding in it for years now and,
> > while I haven't played with the language apart from poring through her
> > code on occasion, the language strikes me as remarkably more secure
> > than C/C++.
> 
> This seems interesting.  Can you elaborate a little more on Ada's
> advantages with regard to security?  Can you give any examples?  (The
> URLs you mentioned didn't help me much.) 

	There's a brief mention of this on the LinuxVoodoo site[1] with
direct reference to C/C++'s Achilles heel, the buffer overflow:

	"Most high-level programming languages are essentially immune to
	this problem, either because they automatically resize arrays
	(e.g., Perl), or because they normally detect and prevent buffer
	overflows (e.g., Ada95)..."

	As I mentioned in my previous note, Ada is my wife's programming
language of choice (I'm a PERL & C goon) and I possess only a glancing
knowledge of the language.  Still, with the work that my wife does in her
classified field with the DoD, I know that Ada is oft-relied upon for
critical systems that not only have high uptime requirements, but high
security requirements as well.

	There's another site you might find of interest called Ada-Auth
(http://www.ada-auth.org/) which has a wealth of data on Ada overall. 
There was a page on the site about Ada security restrictions, but it's 404
now.  Thankfully, Google has a cache[2] of it you may find of interest. 

	Another URL for your consideration:
	http://www.cl.cam.ac.uk/~mgk25/ada.html

-Jay

1.  http://www.linuxvoodoo.com/howto/HOWTO/Secure-Programs-HOWTO/buffer-overflow.html

2.  http://216.239.33.100/search?q=cache:X1beu4vdQwMC:www.ada-auth.org/~acats/arm-html/RM-H-4.html+&hl=en&ie=UTF-8

  (    (                                                          _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson at treachery.net ------<) |    = |-'
 `--' `--'  `-- I'll be diplomatic...when I run out of ammo. --'  `------'



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list