Cybersecurity
C is dead. Gone. Skip it unless you want to write code for dishwashers or do low-level stuff and produce insecure code which C is known for.
There is nothing insecure about C. Sure, there is plenty of code written in C that is not secure, but that's because there is so much code written in C.
The security of the software does not depend on whether or not it is written in C.
Unless you know how to write secure code in C and why you shouldn't not use it, please do not make claims about it.
Rather pretentious, aren't you?
And very, very wrong.
Ichinin
Veteran
Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.
No, I'm an actual SECURITY PROFESSIONAL, apparently the only one in this thread. Go hide in the programming thread where you sprouted your ill-informed opinion about your ancient buffer-overflow-producing language.
_________________
"It is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring" (Carl Sagan)
The buffer overflows are the result of poor programming practices, not the language. The most you could say is that C doesn't protect you from your own bad practices. That does not make it inherently insecure.
Besides, buffer overflows aren't that difficult to avoid.
And, for what it's worth, I've seen "security professionals" who were too incompetent to set up a firewall.
Want to know what the real security issues are? People who don't know anything about security thinking that they do. We end up with very broken protocols and very broken implementations. If you want a really good example of this, WPA for wireless "security" is one.
Ichinin
Here is a procedure list before talking about security:
1. Do your homework.
2. Open your mouth.
This is the general consensus of people who have programming experience and work in security:
https://twitter.com/ryanhuber/status/877623129903738880
Ichinin
https://www.tripwire.com/state-of-security/vulnerability-management/compiler-undermining-secure-coding/
https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/compiler-checks
http://www.cs.kuleuven.be/publicaties/rapporten/cw/CW386.pdf
https://nebelwelt.net/publications/files/15LangSec.pdf
"Boohoo, someone is pointing out security vulnerabilities in my language, and I defend it because I don't know how to write code in any other language, because my programming knowledge refuses to move beyond 1972."