On 02/18/2016 07:47 AM, Ruben Safir wrote:
On 02/17/2016 11:12 AM, Stevens wrote:
Yeah. Read another interesting article on the underlying problem last night and, having done some application development in a previous life, I agree wholeheartedly with the "C is the cause for most security vulnerabilities" thread.
No. Actually, it is not so easy to overrun a buffer on a modern OS, but putting that aside, there are many times the checking for a memory size is detrimental to the softwares function, especially in video and games.
You can't blame the programming language for the stupidity of the programmer. the reason C is the goto language for all things important is because it is powerful. It is. And that power is felt in the hands of the coder.
Ruben
Very true. It's like putting a professional tennis racket in the hands of someone who played pee-wee tennis once. They're going to lose control of it and make themselves look foolish. C and C++ are running at a very low level and take advantage of the hardware better than say, Haskell or Rust or Python. Python is not as fast of a running language as C++ (and Java always was slow for me) but processors are so fast these days that the user barely notices the difference. I've also read about compiler bugs and bugs in the bytecode interpreter for those higher-level languages, so it's not like they are totally immune to security bugs just because there's a bytecode interpreter. sdm -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org