-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-04-11 23:27, Ted Byers wrote:
On Fri, Apr 11, 2014 at 4:30 PM, Carlos E. R. <> wrote:
...
It seems to me that, instead of being afraid of any language, it behooves a pro to be aware of the strengths and weaknesses of all the languages he uses, and select the set thereof that best supports the functional requirements of the project he's working on.
I agree.
In the case of this bug, as in most bugs I have squashed, it is not a problem of a flaw in the language, but rather a mistake in coding, and perhaps an over-sight in the testing regime.
IMHO, C should be left to professionals and experienced programmers. :-)
His first two recommendations, generally, is the more useful.
He also said we ought to:
1) Pay money for security audits of critical security infrastructure like OpenSSL 2) Write lots of unit and integration tests for these libraries 3) Start writing alternatives in safer languages
One of the biggest factors in software quality is that those that 'manage' software projects often are unwilling to support sufficient documentation and testing. That costs money (or time in the case of open source products, and there may be a shortage of manpower to get it done right). Software houses generally want the software as inexpensive as possible, and so the usual QA processes get shortchanged, or skipped altogether. His first two recommendations go hand in glove. I have seen too many software houses (and those that hire software development contractors) that provide barely enough resources to do a decent job of prototyping, and fail to fund even basic unit testing.
I agree, too. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNIbToACgkQtTMYHG2NR9VkAACeP0VWfXbT+2bDcE1Ncmqm5UXl uRMAn36vlW/1YysSaxFJTkOV/cgNZWHx =4Xz5 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org