Re: Standards for developing secure software

On Thursday 23 January 2003 15:57, Ed Carp wrote:
> On Thu, 23 Jan 2003, Alex Russell wrote:

which isn't a point I argued. I simply was attempting to illustrate that there's a tradeoff between performance and security in most cases. In any instantenous case, it's often _possible_ to do the right thing in the fastest possible way, but this leads right back to the fallicy that we should just teach people to write perfect C (not that we shouldn't, but it's simply not realistic).

> Not true. Your argument has several logical fallacies which I

offline then? I like feedback.

> What *is* germane is the fact that security *can* be built into a

note the qualifier "a lot". I'm not suggesting that it can't and shouldn't be done, simply that like a lot of other things, security is a tradeoff.

> Just
> because a language is a relatively high-level language doesn't mean it

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I never said it did.

<snip> project plug removed </snip>

> So, no, languages don't have to be like Java to be portable.

I never said they did.

> The whole portability argument that Java supports itself on is a

Ever used J2ME? It works, it's portable, and it's here now. The various "configuraitons" are enough to make you want to tear your hair out, but in general, it's useable on devices that are small enough to comfortably fit in your pocket.

> and it doesn't take away any of the complexity in writing

you're not talking to a Java lover. I'd much rather watch my Python code do it's job in the time I'd be spending looking up API calls in Java. But strong-vs-loosely typed languages is another debate for another foura.

-- 
Alex Russell
alex@netWindows.org
alex@SecurePipe.com

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek