From: Adam Beneschan
Newsgroups: comp.lang.ada
Subject: Re: software flaws in application architecture
Date: Fri, 27 Sep 2013 09:15:07 -0700 (PDT)
Message-ID: <796ee1b2-0f3f-4495-ac6c-ab0095e0b8b1@googlegroups.com>
In-Reply-To: <897df72d-f4b6-40f9-8a0c-224dcd622655@googlegroups.com>

On Friday, September 27, 2013 6:08:09 AM UTC-7, Eryndlia Mavourneen wrote:
> In this article at:
>
> http://searchsecurity.techtarget.com/opinion/Opinion-Software-insecurity-software-flaws-in-application-architecture#!
>
> the authors make the claim that languages other than C and Java have just as many flaws (like buffer overflow in C). Is there a language lawyer who could add a comment to the article regarding Ada?

I wouldn't make too much of this. You could make some sort of argument that you've counted and there are only 62.12% (or whatever) as many flaws in Ada that could lead to security bugs as there are in C, but it's really beside the point. Their wording was sloppy. The overall point, that software has bugs in it that can pose security problems, and their "architectural risk analysis" process can help find those early, is true regardless of what language is used. Most of the flaws are things that no language can prevent.

One thing that Ada *does* suffer from is deallocation problems, in which an allocated object is deallocated while a pointer to it still exists. My impression is that this is still the cause of lots of security vulnerabilities, probably more than buffer overflow by now. Ada doesn't prevent those problems, although it does make it possible to encapsulate things in controlled types to reduce the chance of this occurring (C++ also has features that make this possible).

But anyway, the article isn't about languages. I think they're just trying to tell people that you can't stop worrying about security just because you're using Java or some language other than C, and it's a valid point.

-- Adam
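
The controlled-type encapsulation mentioned in the message above, shown as an added example that is not part of the original post: a reference-counted handle whose Adjust and Finalize keep the heap object alive until the last copy of the handle is gone, so client code never calls Unchecked_Deallocation itself. The names Buffers, Handle, Node and Handle_Demo are hypothetical, and Ada 2012 is assumed.

```ada
with Ada.Finalization, Ada.Text_IO, Ada.Unchecked_Deallocation;
procedure Handle_Demo is  -- added illustration; Buffers, Handle and Node are hypothetical names
   package Buffers is
      type Handle is new Ada.Finalization.Controlled with private;
      function Create (Data : Integer) return Handle;
      function Get (H : Handle) return Integer;   -- Constraint_Error on an empty handle
      function Live_Nodes return Natural;         -- nodes allocated and not yet freed
   private
      type Node is record Data : Integer; Count : Natural; end record;
      type Node_Access is access Node;
      type Handle is new Ada.Finalization.Controlled with record Ref : Node_Access; end record;
      overriding procedure Adjust (H : in out Handle);    -- runs after every copy
      overriding procedure Finalize (H : in out Handle);  -- runs when a handle goes away
   end Buffers;
   package body Buffers is
      Live : Natural := 0;
      procedure Free is new Ada.Unchecked_Deallocation (Node, Node_Access);
      function Create (Data : Integer) return Handle is
      begin
         Live := Live + 1;
         return (Ada.Finalization.Controlled with Ref => new Node'(Data, 1));
      end Create;
      function Get (H : Handle) return Integer is (H.Ref.Data);
      function Live_Nodes return Natural is (Live);
      procedure Adjust (H : in out Handle) is
      begin
         if H.Ref /= null then H.Ref.Count := H.Ref.Count + 1; end if;
      end Adjust;
      procedure Finalize (H : in out Handle) is
         R : Node_Access := H.Ref;
      begin
         H.Ref := null;  -- Finalize may run more than once on an object
         if R = null then return; end if;
         R.Count := R.Count - 1;
         if R.Count = 0 then Free (R); Live := Live - 1; end if;  -- last handle frees
      end Finalize;
   end Buffers;
begin
   declare
      A : constant Buffers.Handle := Buffers.Create (42);
   begin
      declare
         B : constant Buffers.Handle := A;        -- copy: Adjust raises the count
      begin
         Ada.Text_IO.Put_Line ("B sees" & Integer'Image (Buffers.Get (B)));
      end;                                        -- B finalized; node kept for A
      Ada.Text_IO.Put_Line ("A sees" & Integer'Image (Buffers.Get (A)));
   end;                                           -- A finalized; node freed here
   Ada.Text_IO.Put_Line ("live nodes:" & Natural'Image (Buffers.Live_Nodes));
end Handle_Demo;
```

Because Node_Access is private to Buffers, no client can hold a raw pointer that outlives the node; the only deallocation site is the single Free call inside Finalize.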