comp.lang.ada
From: Brad Moore <brad.moore@shaw.ca>
Subject: Re: software flaws in application architecture
Date: Sat, 28 Sep 2013 12:22:47 -0600
Message-ID: <52471E77.2080903@shaw.ca>
In-Reply-To: <897df72d-f4b6-40f9-8a0c-224dcd622655@googlegroups.com>

On 27/09/2013 7:08 AM, Eryndlia Mavourneen wrote:
> In this article at:
>
>     http://searchsecurity.techtarget.com/opinion/Opinion-Software-insecurity-software-flaws-in-application-architecture#!
>
> the authors make the claim that languages other than C and Java have just as many flaws (like buffer overflow in C).  Is there a language lawyer who could add a comment to the article regarding Ada?
>
> -- Eryndlia (KK1T)
>

You might want to check out the publicly and freely available 
technical report ISO/IEC TR 24772 produced by ISO/IEC JTC 1/SC22/WG23 
entitled:

Information technology - Programming languages - Guidance to avoiding 
vulnerabilities in programming languages through language selection and use.

standards.iso.org/ittf/PubliclyAvailableStandard/c061457_ISO_IEC_TR_24772_2013.zip

It describes various software vulnerabilities including buffer overflow.
It also includes annexes for specific languages that describe how each 
vulnerability applies to that language, as well as how to avoid that 
vulnerability in that language.

Each language has its own set of vulnerabilities, and a particular 
vulnerability may be more prone to happen in one language than in 
another, in possibly different ways.

The set of annexes includes Ada, C, Python, Ruby, SPARK, PHP.

It is hoped that future revisions of this technical report will include 
other languages.

Brad Moore
