[Cryptography] Questions of taste on UDF presentation
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Feb 19 11:26:23 EST 2019
Phillip Hallam-Baker <phill at hallambaker.com> writes:
>Stop using C/C++, use Java, C# or any modern language that has array bounds
>checking built in and 99% of the current attack vectors are shut immediately.
s/current attack vectors are shut immediately/
C-specific attack vectors change to Java-specific attack vectors immediately/
Switching from $language_1 to $language_2 just means that all the attacks
specific to language_1 are swapped for ones from language_2. A few years ago
(not sure what the current stats are but I assume it hasn't changed that much)
Java was the second-biggest source of 0day after Flash, which I'm not sure
it's actually possible to beat in terms of security vulns... well, WordPress
perhaps. In particular, a lot of the Java vulns are in the JVM and similar,
which is an attack vector that doesn't even exist in C.
Peter.
More information about the cryptography
mailing list