From: Jeffrey Carter
Newsgroups: comp.lang.ada
Subject: Re: No call for Ada
Date: Wed, 14 Apr 2004 17:52:48 GMT

Robert I. Eachus wrote:

> Personally, I think that the need for web servers for companies doing
> web commerce is an area where Ada's strengths will eventually mean that
> it is needed to avoid the hazards associated with other languages. There
> is a large, nasty group of crackers out there, and if they ever sniff
> out the ability to redirect the billions of dollars in e-commerce
> transactions into their accounts, financially safe software will be in
> great demand.

Indeed. Buffer overflows account for about half of all known vulnerabilities. People have been "fixing" these errors for over a decade, yet even today people are creating new buffer-overflow vulnerabilities, so it appears that something stronger than knowing about the problem is needed to avoid them. Something like a language that doesn't allow them in the first place. Yet none of the discussions of how to improve security mention the effects of appropriate language choice.

When big customers refuse to use networking SW written in a language that allows buffer overflows, Ada, and products like AWS, will be there to fill the need. But the customers need to know that language choice can make a big difference.

The server SW at AdaIC.org is written in Ada, and I understand that there have been many attempts to crack it, but none have succeeded. It would be nice if that could be documented, written up, and presented at security conferences and published in security journals. Even better, if we could find the resources, would be to set up a dummy web site using that SW, and offer a reward to anyone who can crack it. That would generate a lot of interest.

--
Jeff Carter
"Blessed are they who convert their neighbors' oxen,
for they shall inhibit their girth."
Monty Python's Life of Brian
83