[11180] in cryptography@c2.net mail archive
Re: It's Time to Abandon Insecure Languages
daemon@ATHENA.MIT.EDU (Victor.Duchovni@morganstanley.com)
Mon Jul 22 11:18:49 2002
Date: Mon, 22 Jul 2002 08:59:06 -0400 (EDT)
From: <Victor.Duchovni@morganstanley.com>
To: <cryptography@wasabisystems.com>
In-Reply-To: <v04210109b960d3229f78@[192.168.0.2]>
False sense of security. Most security bugs reported these days are issues
with application semantics (auth bypass, SQL injection, cross-site
scripting, information disclosure, mobile code execution, ...), not buffer
overflows. Only languages that operate on semantic specifications stand a
chance, and even then the specification could be wrong or incomplete...
--
Viktor.
On Sun, 21 Jul 2002, Arnold G. Reinhold wrote:
> Language wars have been with us since the earliest days of computing
> and we are obviously not going to resolve them here. It seems to me
> though, that cryptographic tools could be use to make to improve the
> reliability and security of C++ by providing ways to manage risky
> usages.
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
