Comments on: Show 011 - An Interview with Dorothy Denning http://www.cigital.com/silverbullet/show-011/ In-depth conversations with leading security gurus, hosted by Gary McGraw, sponsored by IEEE Security & Privacy Magazine. Thu, 24 Jul 2008 01:38:25 +0000 http://wordpress.org/?v=2.0.11 by: gem http://www.cigital.com/silverbullet/show-011/#comment-5448 Wed, 28 Feb 2007 00:45:54 +0000 http://www.cigital.com/silverbullet/show-011/#comment-5448 If you have to code to the metal, you can use assembly like we did back when I was a kid. I suppose C is like assembly on steroids, so it will have a place. However, rampant use of C in non-system places is not helping. And there is no excuse for C++ which is the worst piece of unbelievable crap ever foist on the planet as a programming language. Learning to use C in a secure manner is a good idea. (As you probably know, I have spent a decent chunk of my research career working on that kind of thing.) However learning to use C++ in a secure manner is idiocy itself. Just throw out the language. Who me opinions?? gem company www.cigital.com podcast www.cigital.com/silverbullet book www.swsec.com If you have to code to the metal, you can use assembly like we did back when I was a kid. I suppose C is like assembly on steroids, so it will have a place.

However, rampant use of C in non-system places is not helping. And there is no excuse for C++ which is the worst piece of unbelievable crap ever foist on the planet as a programming language.

Learning to use C in a secure manner is a good idea. (As you probably know, I have spent a decent chunk of my research career working on that kind of thing.) However learning to use C++ in a secure manner is idiocy itself. Just throw out the language.

Who me opinions??

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
book www.swsec.com

]]> by: Oleg Zhylin http://www.cigital.com/silverbullet/show-011/#comment-5156 Thu, 22 Feb 2007 01:25:16 +0000 http://www.cigital.com/silverbullet/show-011/#comment-5156 I have to disappoint you about C/C++, it will never be gone. If it will no longer be tought in schools we are facing Idiocracy movie (http://www.imdb.com/title/tt0387808/) in software development. Developers must know how to program computers, not software abstractions over them. As to the topic of the podcast, I would like to emphasise again that C/C++ are _system_ languages which were, are, and will be used to program systems cores. And if we want those cores to be secure, we have no other way but to understand how to use the tools properly. I have to disappoint you about C/C++, it will never be gone. If it will no longer be tought in schools we are facing Idiocracy movie (http://www.imdb.com/title/tt0387808/) in software development. Developers must know how to program computers, not software abstractions over them.

As to the topic of the podcast, I would like to emphasise again that C/C++ are _system_ languages which were, are, and will be used to program systems cores. And if we want those cores to be secure, we have no other way but to understand how to use the tools properly.

]]>