Programming Security IT

Choice of Programming Language Doesn't Matter For Security 192

An anonymous reader writes "The Security Ninja has written a blog post which discusses web programming languages and the fact that they are all insecure. It's based on a report from WhiteHat Security and aims to dispel the myth that some languages will guarantee that an application will be more or less secure than other languages. '... secure code is the product of a secure development process and real business commitment to deliver secure applications which includes developer education. The absence of these processes and business commitments will lead to web applications being developed insecurely regardless of the language being used.'"

  • Re:Duh (Score:2, Interesting)

    by K. S. Kyosuke ( 729550 ) on Friday May 07, 2010 @02:43PM (#32131028)
    I'm afraid it's you who is insecure, not C...
  • Obviously... (Score:2, Interesting)

    by Meshach ( 578918 ) on Friday May 07, 2010 @02:46PM (#32131076)
    That seems like a no-brain statement. It doesn't matter what language I use; if I write insecure code, the application will be insecure.

    More at 11
  • by david.emery ( 127135 ) on Friday May 07, 2010 @03:02PM (#32131406)

    1. The languages being considered/charted are ASP, ASPX, CFM, DO, JSP, PHP and PL (I can guess at most of these acronyms).

    What's missing, obviously, are 'real' programming languages such as C, Java, FORTRAN, Ada, C++, Eiffel, etc.

    2. A lot of these languages share a common (C) heritage, and I'd assert "inherit" a lot of the security weaknesses of C. That's particularly true of weak typing for scalars, including array bounds.

    The conclusion I think can be drawn from this is that we need a substantial increase in Web Programming practices, including languages. Any other conclusion is overreach.
