Security Basics mailing list archives

RE: Programming


From: "David J ONEILL" <David.J.Oneill () state or us>
Date: Tue, 15 Feb 2005 07:25:18 -0800

I'll grant you that ... but you must admit that some languages are less
tolerant to bad habits than others.

Boy, am I sorry I mentioned COBOL ... I mean what were the designers of
this language thinking.  Imagine the nerve of someone developing a human
readable language that also helps to reinforce the use of good
programming techniques.

;-)

David J O'Neill
Senior Systems Analyst
State of Oregon
Department of Human Services
Office of Information Services
PH# 503.378.2101 ext. 280
email david.j.oneill () state or us

"Ernest Nelson" <juridian () juridian com> 02/14/05 01:16PM >>>
Most languages don't teach bad habits, bad references and teachers do.  You
can learn to write bad cobol just as easily as you can learn bad perl, c, or
vb.

"The Practice of Programming" is a good place to start learning how to
write better code.  -
http://www.amazon.com/exec/obidos/tg/detail/-/020161586X/qid=1108415608/sr=8-1/ref=pd_bbs_1/104-3983269-4991158?v=glance&s=books&n=507846



-----Original Message-----
From: David J ONEILL [mailto:David.J.Oneill () state or us] 
Sent: Friday, February 11, 2005 2:51 PM
To: security-basics () securityfocus com 
Subject: Re: Programming

Sorry, my understanding was that the "guy" wanted to learn a language that
would help him see the security pitfalls in programming production code
... if I was wrong, my mistake.  So, no I was not joking.

The problem with "modern languages" (Java, C#, Python, Ruby, VBScript,
...) is that they do not enforce any structured programming techniques.

They let the developer write the code any way they want, which instills
real bad habits (like redefining a data element into whatever data type
fits as many times as they want ... just try tracing a program written
like this.)  If you want to know what kind of security vulnerabilities
exist in the real world of professional programming (as opposed to the
script kiddy world) one should explore languages used in major computer
systems.  Like it or not, in most large systems, the production code is
COBOL.

As I said before, I am a professional JAVA developer ... but I am sure
glad that I started out with a more structured and human readable
language.  The future of COBOL, well you should have done some checking
before popping that question (Object Oriented COBOL is the current
version, and it is strongly supported.)

I'm ready ... throw the next flaming arrow

David J O'Neill
Senior Systems Analyst
State of Oregon
Department of Human Services
Office of Information Services
PH# 503.378.2101 ext. 280
email david.j.oneill () state or us 



