From: "Yannick Duchêne (Hibou57)" <yannick_duchene@yahoo.fr>
Subject: Re: Does Ada need a 'secure coding standard' as well?
Date: Sat, 28 May 2011 21:06:27 +0200
Message-ID: <op.vv7go1jvule2fv@douda-yannick>
In-Reply-To: irrgb6$vib$1@speranza.aioe.org

On Sat, 28 May 2011 20:53:25 +0200, Nasser M. Abbasi <nma@12000.org> wrote:
> I saw that CMU makes now what is called CERT (secure coding standards)
> for different languages. They have Java, C, C++ in there.
>
> These are supposed to be rules that a programmer should adopt to
> make the code written by that language more 'safe' and 'secure'
>
> Here is the one for C for example
>
> https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard

You can guess these recommendations are all language-specific. E.g., the
common recommendation to write

    if (condition) {
        do ();
    }

instead of

    if (condition)
        do ();

makes no sense for Ada, which already handles this: you always write

    if Condition then
       do;
    end if;

There is no other way to do it, so there are no rules to have there.

Well, these matters of how to write are mostly already embedded in the
language rules (that is one of its targets: readability, and the principle
of least surprise).

Apart from that, there already exist some Ada subsets, or profiles. One of
the most common is the one which is required with SPARK. Here again, there
is no need to set up some rules and ask the authors to follow these rules
and nothing else, as these are already checked by the SPARK Checker.

But nothing is perfect; there may be some interesting rules to be applied
to Ada, just that there will be few, and they should all be mostly domain
specific, as the ones about the large principles are already there (I
believe).

--
“Syntactic sugar causes cancer of the semi-colons.” [Epigrams on
Programming — Alan J. — P. Yale University]
“Structured Programming supports the law of the excluded muddle.” [Idem]
“c++; /* this makes c bigger but returns the old value */” [Anonymous]