Linked by Hadrien Grasland on Fri 14th Jan 2011 14:58 UTC, submitted by Debjit
GNU, GPL, Open Source

"Steve Chang, the Chairman of Trend Micro, has kicked up a controversy by claiming that open source software is inherently less secure. When talking about the security of smartphones, Chang claimed that the iPhone is more secure than Android because being an open-source platform, attackers know more about the underlying architecture."
RE[3]: So what code is secure?
by Neolander on Sat 15th Jan 2011 21:03 UTC in reply to "RE[2]: So what code is secure?"
Neolander (member since 2010-03-08)

To be suitable for low-level programming, a programming language should have very low runtime requirements and not hide the CPU's power. This is what makes C and its derivatives so attractive.

Putting some checks each time a pointer is accessed or modified, as an example, is not acceptable at kernel level, nor is dropping pointers altogether. The best we can do is to have "smarter" compilers, which do a more in-depth analysis of the code and notice more suspicious behaviors. But that would result in massive compilation slowdowns.

For higher-level layers, on the other hand, using safer languages is doable. But at this level, there is something much more important which we don't do yet: massive sandboxing. Limiting app capabilities to what they need in order to operate is by far the best way to minimize the impact of exploits (because there will always be some, no matter which languages people code in).

Score: 1