From: Brad Moore
Newsgroups: comp.lang.ada
Subject: Re: software flaws in application architecture
Date: Sat, 28 Sep 2013 12:22:47 -0600
Message-ID: <52471E77.2080903@shaw.ca>
In-Reply-To: <897df72d-f4b6-40f9-8a0c-224dcd622655@googlegroups.com>

On 27/09/2013 7:08 AM, Eryndlia Mavourneen wrote:
> In this article at:
>
> http://searchsecurity.techtarget.com/opinion/Opinion-Software-insecurity-software-flaws-in-application-architecture#!
>
> the authors make the claim that languages other than C and Java have just as many flaws (like buffer overflow in C). Is there a language lawyer who could add a comment to the article regarding Ada?
>
> -- Eryndlia (KK1T)

You might want to check out the publicly and freely available technical report ISO/IEC TR 24772, produced by ISO/IEC JTC 1/SC22/WG23, entitled: Information technology - Programming languages - Guidance to avoiding vulnerabilities in programming languages through language selection and use.

standards.iso.org/ittf/PubliclyAvailableStandard/c061457_ISO_IEC_TR_24772_2013.zip

It describes various software vulnerabilities including buffer overflow. It also includes annexes for specific languages that describe how each vulnerability applies to that language, as well as how to avoid that vulnerability in that language. Each language has its own set of vulnerabilities, and a particular vulnerability may be more prone to happen in one language than in another, in possibly different ways.

The set of annexes includes Ada, C, Python, Ruby, SPARK, PHP. It is hoped that future revisions of this technical report will include other languages.

Brad Moore
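Added illustration of the language-specific point the thread raises; this is not part of Brad Moore's post nor taken from the TR 24772 annexes. It is a small, self-contained Ada program with a constructed 8-character buffer: the first copy routine walks the source string index by index, the way a C `strcpy` loop would, and the second uses a slice assignment sized from the buffer's own bounds. The procedure names and the sample strings are the example's own choices.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Bounds_Demo is
   -- Constructed fixed-size buffer, as one might use for a line of input.
   Buffer : String (1 .. 8) := (others => ' ');

   -- Copies Source into Buffer element by element, like a C strcpy loop.
   -- In C the write past the end silently corrupts adjacent memory; in
   -- Ada the index check on Buffer (I) raises Constraint_Error before
   -- the out-of-range write happens.
   procedure Unchecked_Style_Copy (Source : String) is
   begin
      for I in Source'Range loop
         Buffer (I) := Source (I);
      end loop;
   end Unchecked_Style_Copy;

   -- Idiomatic alternative: derive the copy length from the buffer's own
   -- bounds and assign a slice, so no index can leave the buffer and an
   -- over-long source is truncated rather than faulting.
   procedure Safe_Copy (Source : String) is
      N : constant Natural := Natural'Min (Source'Length, Buffer'Length);
   begin
      Buffer := (others => ' ');
      Buffer (Buffer'First .. Buffer'First + N - 1) :=
        Source (Source'First .. Source'First + N - 1);
   end Safe_Copy;
begin
   -- Fits in the buffer: both routines behave the same.
   Unchecked_Style_Copy ("short");
   Put_Line ("After copying ""short"": [" & Buffer & "]");

   -- Too long for the buffer: the runtime check stops the loop at I = 9.
   begin
      Unchecked_Style_Copy ("far too long for the buffer");
      Put_Line ("This line is not reached");
   exception
      when E : Constraint_Error =>
         Put_Line ("Caught " & Exception_Name (E) & ": " & Exception_Message (E));
   end;

   -- Same over-long input through the bounded copy: truncated, no fault.
   Safe_Copy ("far too long for the buffer");
   Put_Line ("After Safe_Copy: [" & Buffer & "]");
end Bounds_Demo;
```

One caveat worth knowing before relying on this behaviour: the index check that raises Constraint_Error is part of the language's default semantics, but it can be switched off with `pragma Suppress` or a compiler option such as GNAT's `-gnatp`, at which point the first routine corrupts memory exactly as the C version would. Whether and where checks may be suppressed is precisely the kind of usage guidance a per-language annex addresses.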