Full Disclosure mailing list archives

Re: automated vulnerability testing
From: Chris Adams <chris () improbable org>
Date: Mon, 1 Dec 2003 12:06:33 -0800

On 29/11/03 12:30 -0800, Chris Adams wrote:
> On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote:
> > Bill Royds wrote:
> >> If you are truly interested in security, you won't use C as the
> >> programming language.
> > You must be shitting me.. C does have its inherent flaws but that doesn't
> > mean that there cannot be a secure application written in C. This statement
> > represents FUD at its highest level.
>
> Name a single non-trivial application written in C which has not had at
> least one of the classic C security problems.

Qmail? DJBDNS?

Again, the fact that we're talking about a couple programs written by one guy suggests that C should not be considered a general purpose language - DJB represents a very small percentage of the C programming populace. There are very, very few situations where you must use C - low-level hardware access just isn't that common any more, even for the traditional areas like embedded systems or games - and the fact that it's hard to write C properly suggests that it should be reserved for the few situations where it's a necessity: even there, it makes sense to use a high-level language to call a few functions written in C.

Chris
