re: A Security Lesson that Transcends Programming Language and Operating System Religion

asteingruebl — Fri, 22 Jun 2007 19:46:18 GMT

Michael,

Care to speculate on the costs of the SDL as applied to managed code vs. C/C++?

I know your general distaste for analogies so I can't resist throwing one out there.

You can shave safely with a straight razor. People did it for years. I does take a lot of skill to get right though, plenty of practice, etc. Or, you could use a safety razor and get the job done without taking nearly as much risk. You can still cut yourself but probably not a several inch deep gash...

Yes, I know this isn't a perfect example. Part of replacing one programming language with another is to gain efficiency. We replaced assembler with C and other languages for efficiency in the coding aspects. We replace C with C++ for efficiency in both coding and design. We replace them with C# and/or Java to get better efficiency in frameworks, modeling, etc.

If I get rid of C/C++ and/or ban certain function calls I remove whole classes of potential vulnerabilities. Of the classes left I'm equally susceptible to these types of flaws in C, C++, Java, and C#. But does that really mean I haven't gained anything from an assurance perspective?

I think you're setting up a straw-man here. Sure lots of people think that replacing C/C++ with Java/C# will automatically make me secure, but just because some people believe that position doesn't mean you won't get measurable benefit from moving to managed code.

Your thoughts?

re: A Security Lesson that Transcends Programming Language and Operating System Religion

splatteredbits — Fri, 22 Jun 2007 20:25:02 GMT

Thank you for saying this. I hope more people are reading this blog. Coincidentally, I <a href="recently'>http://www.splatteredbits.com/tp/articles/writing-secure-code">recently posted an article on my own blog about not trusting input</a>. It can be a hard message for developer's to preach, though.