On Thu, 13 Mar 1997, Bret Watson wrote:
> >> You guys do realize that a compiler/language is NOT responsible for
> >>creating secure code -- don't you?
> >> IT'S THE DEVELOPER'S JOB. NOT THE LANGUAGE.
--> You're false !!
>
> But if you are going to have A or B level applications/OS then the compiler
> has to be secure too. Remember secure at this level means - does not break
> for any reason. Personally I wouldn't use MS VC++ for a military program
> even if I was the world's best programmer and I had specs written in Z,
> would you?
>
--> You're right !!
> Cheers,
>
> Bret
>
> Bret Watson & Associates bwa @
usa .
net
> phone +61 41 4411 149 fax +61 9 454 6042
> Computer & Information Security Consultants
>
>
>
I can't even remember how many time i spent with buggy optimizing
compilers, all from M$, that works fine with optimization EXPLICITLY
disabled. So, Even with the best review of the code, a compiler can
introduce bug !!
(For fun : i guess what compiler was used for, let's say, NT.... hum....).
(For fun (2) : SCO continue using old M$ code in their C comps....)
No flame, please, i only guess about fiability of Firewall products
compiled with (possibly) bad compilers.
References:
|
|
