<div dir="ltr">I do software security professionally these days.<div><br></div><div>While it is easier (e.g., almost possible) to do memory corruption/buffer overrun/stack smashing in any language, it is certainly far easier to do so in C and C++. Many languages these days link to C libraries, thus increasing the possibility.</div>
<div><br></div><div>However, much of my work these days is done against .net applications, which is a managed, garbage-collected language. The number and frequency of errors in the code is not smaller than with C. It is still possible to get remote code execution through the IIS/.net web stack.</div>
<div><br></div><div>Application security is very difficult, and not very many of us write error-free code. </div><div><br></div><div>To me the issue with OpenSSL (and there are still some that remain, although the ones that I know about are not as severe) is that the code is very unclear and hard to reason about. In fact, the best static code analyzers had to be tweaked to see the issue.</div>
<div><br></div><div>Having many years' experience in both C and C++, I find that when working in Lisp it is much easier to make assertions about its fine-grained behavior, pretty much agreeing with your experience.</div><div><br></div>
<div>I would like to rephrase the question: which language makes it easier to reason about a large code base? My vote is for the Lisp family. However, keep in mind one of the best-written programs out there, Qmail, is written in C. There is a lot to be said for who the author/authors are as well as the language.</div>
<div><br></div><div>wglb</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Apr 12, 2014 at 4:52 PM, David McClain <span dir="ltr"><<a href="mailto:dbm@refined-audiometrics.com" target="_blank">dbm@refined-audiometrics.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Just curious for other opinions... but wouldn't this (Heartbleed) sort of buffer excess read-back failure have been prevented by utilizing a "safe" language like Lisp or SML?<div>
<br></div><div>I used to be an "unsafe" language bigot -- having mastered C/C++ for many years, and actually producing C compilers for a living at one time. I felt there should be no barriers to me as master of my machine, and not the other way around.</div>
<div><br></div><div>But today's software systems are so complex that it boggles the mind to keep track of everything needed. I found during my transition years that I could maintain code bases no larger than an absolute max of 500 KLOC, and that I actually started losing track of details around 100 KLOC. Making the transition to a higher level language like SML or Lisp enabled greater productivity within those limits for me.</div>
<div><br><div>
<div>Dr. David McClain</div><div><a href="mailto:dbm@refined-audiometrics.com" target="_blank">dbm@refined-audiometrics.com</a></div><div><br></div><br>
</div>
<br></div></div><br>_______________________________________________<br>
pro mailing list<br>
<a href="mailto:pro@common-lisp.net">pro@common-lisp.net</a><br>
<a href="http://common-lisp.net/cgi-bin/mailman/listinfo/pro" target="_blank">http://common-lisp.net/cgi-bin/mailman/listinfo/pro</a><br>
<br></blockquote></div><br></div>