Linked by Hadrien Grasland on Fri 14th Jan 2011 14:58 UTC, submitted by Debjit
GNU, GPL, Open Source "Steve Chang, the Chairman of Trend Micro, has kicked up a controversy by claiming that open source software is inherently less secure. When talking about the security of smartphones, Chang claimed that the iPhone is more secure than Android because being an open-source platform, attackers know more about the underlying architecture."
RE[2]: So what code is secure?
by moondevil on Sat 15th Jan 2011 20:05 UTC in reply to "RE: So what code is secure?"

This is a lame excuse for bad coding.

Many security errors can be easily backtracked to C errors with memory handling.

If another, safer, systems programming language were in widespread use, many security issues would not happen.

I dream of the day that C and C++ get replaced by a safer systems programming language.

Sadly, that may take a few generations, if ever.

Score: 2

Neolander

To be suitable for low-level programming, a programming language should have very low runtime requirements and not hide the CPU's power. This is what makes C and derivatives so attractive.

Putting some checks each time a pointer is accessed or modified, as an example, is not acceptable at kernel level, nor is dropping pointers altogether. The best we can do is to have "smarter" compilers, which do a more in-depth analysis of the code and notice more suspicious behaviors. But that would result in massive compilation slowdowns.

For higher-level layers, using safer languages is doable, on the other hand. But at this level, there is something much more important which we don't do yet: massive sandboxing. Limiting app capabilities to what they need in order to operate is by far the best way to minimize the impact of exploits (because there will always be some, no matter which languages people code in).

Score: 1

moondevil

Again that is plain nonsense.

Ada, Modula-2, Modula-3, Oberon, Alef have proven that you can have a safer programming language and write OSes with them. The amount of written assembly was no different than if the OSes were written in C.

Sadly, from this list, only Ada survived, and thanks to the DOD.

Many programmers prefer saving typing to having their programs perform safely. Only if you never studied proper OS design can you be led to believe that C is the only way.

There were OSes being written in higher-level languages before C came into existence, and surely there will be other systems languages eventually replacing it.

I like C, but I really feel it is about time to get it replaced with a safer systems programming language.

That is why I really hope Microsoft is successful with the Singularity ideas. I am also watching how Go and D evolve over time.

Score: 2