From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,FREEMAIL_FROM, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2001-08-02 06:44:39 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!canoe.uoregon.edu!arclight.uoregon.edu!wn4feed!worldnet.att.net!135.173.83.71!wnfilter1!worldnet-localpost!bgtnsc05-news.ops.worldnet.att.net.POSTED!not-for-mail Message-ID: <3B693A24.DB64FEC9@yahoo.com> From: CBFalconer Reply-To: cbfalconer@worldnet.att.net Organization: Ched Research X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. References: <3B672322.B5EA1B66@home.com> <9k9ilv$jds$1@farviolet.com> <9k9rta$2vi$1@nh.pace.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Thu, 02 Aug 2001 13:44:39 GMT NNTP-Posting-Host: 12.90.169.51 X-Complaints-To: abuse@worldnet.att.net X-Trace: bgtnsc05-news.ops.worldnet.att.net 996759879 12.90.169.51 (Thu, 02 Aug 2001 13:44:39 GMT) NNTP-Posting-Date: Thu, 02 Aug 2001 13:44:39 GMT Xref: archiver1.google.com comp.lang.ada:11079 comp.lang.c:71628 comp.lang.c++:79325 comp.lang.functional:7181 Date: 2001-08-02T13:44:39+00:00 List-Id: Marin David Condic wrote: > ... snip ... > > 2) I personally did a study of defects on data collected over a ten year > timespan that compared defect rates when using Ada versus defect rates using > a number of other languages. The Ada projects had defect rates that were > lower by a factor of four. Saying that language of implementation has no > impact on the number of defects flies in the face of emperical evidence to > the contrary & I would ask that such claimants back that up with something > bordering on scientific evidence rather than rectal extraction. I have good > evidence that indicates languages *do* reduce errors by a very significant > amount. Not just my own study - try these links: > > http://www2.dynamite.com.au/aebrain/ADACASE.HTM > http://www.stsc.hill.af.mil/crosstalk/2000/aug/mccormick.asp > http://www.rational.com/products/whitepapers/337.jsp > > It may be that any given Ada program/programmer is going to be more > bug-ridden than some other program written in C/C++ by a "competent" > programmer. However, in the important business of making money for the > stockholders, I believe that we should use every technical advantage we can > get rather than relying on "competence" (which I doubt exists 100% of the > time in any of us). If a safer language like Ada exists and all other > considerations are equal, I'd think it was important to choose Ada and > reduce errors accordingly. ** PLEASE DO NOT top post ** I agree completely. However, the presence of "better" languages does not prevent anyone using other languages, for whatever reasons. The important thing is to recognize the flaws and weaknesses of the chosen language, and to program in a defensive manner. In C (and other languages) this means using assert statements and "can't happen" clauses in appropriate places. It also means NOT disabling run-time checks in languages that have them (barring extreme performance needs). -- Chuck F (cbfalconer@yahoo.com) (cbfalconer@XXXXworldnet.att.net) (Remove "XXXX" from reply address. yahoo works unmodified) mailto:uce@ftc.gov (for spambots to harvest)