From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,21960280f1d61e84
X-Google-Attributes: gid103376,public
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news2.google.com!news4.google.com!news.glorb.com!solnet.ch!solnet.ch!news-zh.switch.ch!switch.ch!cernne03.cern.ch!not-for-mail
From: Maciej Sobczak <no.spam@no.spam.com>
Newsgroups: comp.lang.ada
Subject: Re: How come Ada isn't more popular?
Date: Fri, 26 Jan 2007 08:59:43 +0100
Organization: CERN News
Message-ID: <epccdf$vma$1@cernne03.cern.ch>
References: <1169531612.200010.153120@38g2000cwa.googlegroups.com>
 <uy7nucb8e.fsf@stephe-leake.org> <WYtth.318145$FQ1.108931@attbi_s71>
 <Z-ydnRmlYPSPEyvYnZ2dnUVZ_tmknZ2d@rcn.net>
 <uTDth.1154950$084.48774@attbi_s22> <ep7a5p$vf0$1@cernne03.cern.ch>
 <ZgPth.1155700$084.14435@attbi_s22> <rftzyg6rdh.fsf@hod.lan.m-e-leypold.de>
NNTP-Posting-Host: abpc10883.cern.ch
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: cernne03.cern.ch 1169798383 32458 137.138.37.241 (26 Jan 2007
 07:59:43 GMT)
X-Complaints-To: news@@cern.ch
NNTP-Posting-Date: Fri, 26 Jan 2007 07:59:43 +0000 (UTC)
User-Agent: Thunderbird 1.5.0.9 (X11/20061220)
In-Reply-To: <rftzyg6rdh.fsf@hod.lan.m-e-leypold.de>
Xref: g2news2.google.com comp.lang.ada:8589
Date: 2007-01-26T08:59:43+01:00
List-Id: <comp.lang.ada>

Markus E Leypold wrote:

> Teanage kids these days write c001 PHP web applications. Now buffer
> overflows there, but any amount of security holes.
> 
> BTW, what one can learn from that, is, that it is the absence of
> correct models and absence encapsulation of state and representation
> that makes software bad (insecure / unsafe / whatever), not only the
> buffer overflows.

Exactly.

http://www.owasp.org/index.php/OWASP_Top_Ten_Project#Top_Ten_Overview

Just changing the implementation language from C to whatever else (Ada 
including) can rule out only one (buffer overflows) of the top 10 
security flaws - and even that not always (especially when binding to 
some C code is used, where the buffer overflow can happen on the 
language border).

Security holes are not about just language choices.

-- 
Maciej Sobczak : http://www.msobczak.com/
Programming    : http://www.msobczak.com/prog/