It's Time to Abandon Insecure Languages
Victor.Duchovni at morganstanley.com
Victor.Duchovni at morganstanley.com
Mon Jul 22 08:59:06 EDT 2002
False sense of security. Most security bugs reported these days are issues
with application semantics (auth bypass, SQL injection, cross-site
scripting, information disclosure, mobile code execution, ...), not buffer
overflows. Only languages that operate on semantic specifications stand a
chance, and even then the specification could be wrong or incomplete...
--
Viktor.
On Sun, 21 Jul 2002, Arnold G. Reinhold wrote:
> Language wars have been with us since the earliest days of computing
> and we are obviously not going to resolve them here. It seems to me
> though, that cryptographic tools could be use to make to improve the
> reliability and security of C++ by providing ways to manage risky
> usages.
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list