From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
Path: 
 border2.nntp.dca3.giganews.com!backlog4.nntp.dca3.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!newspeer1.nac.net!feeder.erje.net!eu.feeder.erje.net!news.ecp.fr!aioe.org!.POSTED!not-for-mail
From: "Nasser M. Abbasi" <nma@12000.org>
Newsgroups: comp.lang.ada
Subject: Re: [OT] OpenBSD, was: Re: OpenSSL development (Heartbleed)
Date: Sat, 19 Apr 2014 17:15:19 -0500
Organization: Aioe.org NNTP Server
Message-ID: <liushm$rhd$1@speranza.aioe.org>
References: <-OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com>
 <535297f1$0$6715$9b4e6d93@newsspool3.arcor-online.net>
 <PpSdnZ-uENyAAs_OnZ2dnUVZ_qGdnZ2d@giganews.com>
 <5352a76f$0$6720$9b4e6d93@newsspool3.arcor-online.net>
 <3ZSdnd4A49AxV8_OnZ2dnUVZ_qSdnZ2d@giganews.com>
 <5352da76$0$6701$9b4e6d93@newsspool2.arcor-online.net>
 <gfadnaRgQ9iuf8_OnZ2dnUVZ_o-dnZ2d@giganews.com> <liuonu$i3r$1@dont-email.me>
 <T86dnbo6gLflbc_OnZ2dnUVZ_tGdnZ2d@giganews.com>
Reply-To: nma@12000.org
NNTP-Posting-Host: 7gvRUE2kI2ecyAJ6lhEzgg.user.speranza.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@aioe.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
X-Notice: Filtered by postfilter v. 0.8.2
X-Original-Bytes: 1983
Xref: number.nntp.dca.giganews.com comp.lang.ada:185895
Date: 2014-04-19T17:15:19-05:00
List-Id: <comp.lang.ada>

On 4/19/2014 4:53 PM, Alan Browne wrote:

>
> In effect they are confirming that C is a terrible language to write
> anything requiring security and so it needs never ending vigilance.
>

Sure. When the language is weakly typed, more manual
effort in terms of more code eye balling, more debugging,
more testing and more code inspection is needed relative
to using a strongly typed language. Instead of getting
help from the language/compiler in finding many errors
early on, human time and effort is used instead to
compensate.

This is nothing new ;)

> Not to say Ada results in bullet proof - but if used as intended there
> would be very few security holes of the many sorts that seem to pop up.
>

--Nasser