[11148] in cryptography@c2.net mail archive
Re: It's Time to Abandon Insecure Languages
daemon@ATHENA.MIT.EDU (Jay D. Dyson)
Fri Jul 19 17:06:29 2002
Date: Fri, 19 Jul 2002 13:26:35 -0700 (PDT)
From: "Jay D. Dyson" <jdyson@treachery.net>
To: Cryptography List <cryptography@wasabisystems.com>
In-Reply-To: <ah7g17$2cj$1@abraham.cs.berkeley.edu>
On 18 Jul 2002, David Wagner wrote:
> > Let us not forget Ada. My wife's been coding in it for years now and,
> > while I haven't played with the language apart from poring through her
> > code on occasion, the language strikes me as remarkably more secure
> > than C/C++.
>
> This seems interesting. Can you elaborate a little more on Ada's
> advantages with regard to security? Can you give any examples? (The
> URLs you mentioned didn't help me much.)
There's a brief mention of this on the LinuxVoodoo site[1] with
direct reference to C/C++'s Achilles heel, the buffer overflow:
"Most high-level programming languages are essentially immune to
this problem, either because they automatically resize arrays
(e.g., Perl), or because they normally detect and prevent buffer
overflows (e.g., Ada95)..."
As I mentioned in my previous note, Ada is my wife's programming
language of choice (I'm a PERL & C goon) and I possess only a glancing
knowledge of the language. Still, with the work that my wife does in her
classified field with the DoD, I know that Ada is oft-relied upon for
critical systems that not only have high uptime requirements, but high
security requirements as well.
There's another site you might find of interest called Ada-Auth
(http://www.ada-auth.org/) which has a wealth of data on Ada overall.
There was a page on the site about Ada security restrictions, but it's 404
now. Thankfully, Google has a cache[2] of it you may find of interest.
Another URL for your consideration:
http://www.cl.cam.ac.uk/~mgk25/ada.html
-Jay
1. http://www.linuxvoodoo.com/howto/HOWTO/Secure-Programs-HOWTO/buffer-overflow.html
2. http://216.239.33.100/search?q=cache:X1beu4vdQwMC:www.ada-auth.org/~acats/arm-html/RM-H-4.html+&hl=en&ie=UTF-8
( ( _______
)) )) .--"There's always time for a good cup of coffee"--. >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson@treachery.net ------<) | = |-'
`--' `--' `-- I'll be diplomatic...when I run out of ammo. --' `------'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
