Linked by Hadrien Grasland on Fri 14th Jan 2011 14:58 UTC, submitted by Debjit
GNU, GPL, Open Source
"Steve Chang, the Chairman of Trend Micro, has kicked up a controversy by claiming that open source software is inherently less secure. When talking about the security of smartphones, Chang claimed that the iPhone is more secure than Android because being an open-source platform, attackers know more about the underlying architecture."
Thread beginning with comment 458198
RE: So what code is secure?
by Neolander on Sat 15th Jan 2011 18:15 UTC in reply to "So what code is secure?"
Neolander Member since:
2010-03-08

Nowadays, most desktop operating systems require several GBs of HDD space only to offer very basic functionality. At this level of bloat, it's impossible to make code secure ;)

Score: 1

RE[2]: So what code is secure?
by moondevil on Sat 15th Jan 2011 20:05 in reply to "RE: So what code is secure?"
moondevil Member since:
2005-07-08

This is a lame excuse for bad coding.

Many security errors can be easily backtracked to C errors with memory handling.

If another, safer systems programming language were in widespread use, many security issues would not happen.

I dream of the day that C and C++ get replaced by a safer systems programming language.

Sadly, that may take a few generations, if ever.

Score: 2

Neolander Member since:
2010-03-08

To be suitable for low-level programming, a programming language should have very low runtime requirements and not hide the CPU's power. This is what makes C and derivatives so attractive.

Putting some checks each time a pointer is accessed or modified, as an example, is not acceptable at kernel level, nor is dropping pointers altogether. The best we can do is having "smarter" compilers, which do a more in-depth analysis of the code and notice more suspicious behaviors. But that would result in massive compilation slowdowns.

For higher-level layers, using safer languages is doable, on the other hand. But at this level, there is something much more important which we don't do yet: massive sandboxing. Limiting app capabilities to what they need in order to operate is by far the best way to minimize the impact of exploits (because there will always be some, no matter which languages people code in).

Score: 1