Linked by Hadrien Grasland on Fri 14th Jan 2011 14:58 UTC, submitted by Debjit
GNU, GPL, Open Source "Steve Chang, the Chairman of Trend Micro, has kicked up a controversy by claiming that open source software is inherently less secure. When talking about the security of smartphones, Chang claimed that the iPhone is more secure than Android because being an open-source platform, attackers know more about the underlying architecture."
Permalink for comment 458348
To read all comments associated with this story, please click here.
RE[5]: So what code is secure?
by Neolander on Sun 16th Jan 2011 08:52 UTC in reply to "RE[4]: So what code is secure?"
Member since:

Ada, Modula-2, Modula-3, Oberon, Alef have proven that you can have a more safe programming language and write OS with them. The amount of written assembly was no different if the OS were written in C.

Sadly from these list, only Ada survived and thanks to DOD.

According to my brother who had to use it in university, Ada is probably the most annoying language he ever used in his life, making the most simple thing insanely complicated to write. Maybe we should investigate this if we want to understand why so little people are using it nowadays.

Let's not get into conspiracy theories. If all those languages you mention have disappeared, it's because they failed to deliver in some way. I sure loved cutting my teeth on Pascal Object, but I can also understand why the world around me has chosen C(++) instead.

Many programmers prefer to save typing than having their programs perform safely.

If this way of thinking is so widespread among programmers, and there's no way to change it e.g. by educating them differently, then the tools must change to adapt themselves to the programmer, and not the reverse. Be it by creating a language which saves typing, is powerful, AND performs safely, or by putting better compiler checks on "unsafe" languages.

Only if you never studied proper OS design can you be lead to believe that C is the only way.

Well, where I studied OS design, there was no mention of a specific programming language. The examples happen to be written in C, for obvious reasons, but that's all.

There were OS being written in higher level languages before C came into existence, and surely there will
have other systems languages eventually replacing it.

Before C came in, there were overall a huge lot of OSs written in Assembly. What C managed to do was to introduce a big enough improvement over Assembly that it convinced many people to use it.

The problems which high level languages always have when used at a low level are :
-Realtime requirements

C managed to give very high performance and a fair amount of control to developers, without forcing them to write a 40MB interpreter in Assembly first which would more or less totally void the point of using C at all. Plus it was more fun to play with than Assembly. That's why it was so successful.

I don't doubt that someday, a programming language will do to C what C did to Assembly. But it really has to address those three points and be as fun or more fun to use than C in order to succeed.

For my kernel, I mainly use C++, but I can understand why many people are not using it : its runtime requirements are quite high, which means that I either have to carefully avoid some language features or to implement some support code before the most trivial things work. And by today's standards, C++ really is a low-level language...

Edited 2011-01-16 08:53 UTC

Reply Parent Score: 1