From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=AC_FROM_MANY_DOTS,BAYES_00 autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-ArrivalTime: 2001-08-01 13:36:06 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!newsfeeds.belnet.be!news.belnet.be!psinet-eu-nl!psiuk-p4!uknet!psiuk-n!news.pace.co.uk!nh.pace.co.uk!not-for-mail From: "Marin David Condic" Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. Date: Wed, 1 Aug 2001 16:04:33 -0400 Organization: Posted on a server owned by Pace Micro Technology plc Message-ID: <9k9nci$1cq$1@nh.pace.co.uk> References: <5ee5b646.0108010949.5abab7fe@posting.google.com> <%CX97.14134$ar1.47393@www.newsranger.com> <9k9if8$rn3$1@elf.eng.bsdi.com> NNTP-Posting-Host: 136.170.200.133 X-Trace: nh.pace.co.uk 996696274 1434 136.170.200.133 (1 Aug 2001 20:04:34 GMT) X-Complaints-To: newsmaster@news.cam.pace.co.uk NNTP-Posting-Date: 1 Aug 2001 20:04:34 GMT X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Xref: archiver1.google.com comp.lang.ada:10982 comp.lang.c:71378 comp.lang.c++:79153 comp.lang.functional:7099 Date: 2001-08-01T20:04:34+00:00 List-Id: Well, that's rather assuming that there will be some constant level of bugs in all software regardless of language of implementation. If on average the number of bugs in a large body of applications written in Assembler, C, C++, Ada and Zerble were constant in both quantity and quality, (just taking different forms) then there wouldn't be much point in injecting any sort of language checks to prevent bugs. This seems kind of obviously silly - checks put into languages to find and prevent bugs do have some impact on the overall number of bugs. (Granted, we're talking about statistical averages - maybe the Ada code I write is really crappy in comparison to the C code you write and so for a similar effort on our parts, you may have fewer bugs. But that's hardly the point.) FWIW, I did a study at one time with metrics collected over a ten year span of time comparing Ada development versus development in a variety of other languages. There was a reduction in errors by a factor of four. Same programmers, different projects. There is quite a bit of evidence to indicate that errors can be reduced by language checks. That has practical implications in terms of profits and losses. Check out: http://www2.dynamite.com.au/aebrain/ADACASE.HTM http://www.stsc.hill.af.mil/crosstalk/2000/aug/mccormick.asp http://www.rational.com/products/whitepapers/337.jsp There you will find additional evidence that language choice *does* make a difference in terms of productivity and defects. MDC -- Marin David Condic Senior Software Engineer Pace Micro Technology Americas www.pacemicro.com Enabling the digital revolution e-Mail: marin.condic@pacemicro.com Web: http://www.mcondic.com/ "Chris Torek" wrote in message news:9k9if8$rn3$1@elf.eng.bsdi.com... > > Ultimately, this boils down to an indisputable fact: people are > exploiting buffer overflows that exist because poorly written C > code is popular. But this practically begs for a new question: if > poorly-written Ada (or any other language) were popular instead, > would that mean there would be *no* exploitable bugs? Or would the > exploitable bugs take some other form entirely? Perhaps, if the > world were different, someone would be posting to comp.lang.ada an > article saying: "If only Zerble were the popular language, these > bugs would not be resulting in all these worms and viruses." :-) >