1 Sep
2017
1 Sep
'17
5:15 p.m.
On Fri, Sep 1, 2017 at 10:48 AM, William Cheswick <ches(a)cheswick.com> wrote:
I think we have 30 years’ experience that clearly
shows that dangerous
languages
will be misused in critical areas, even if most of us are very careful.
Marcus Ranum once wrote a one-page version of inetd that he thought was
secure. He was and is as committed to security as anyone, and had long
experience writing software important to the early Internet. Steve
Bellovin found a security hole in that one-page program.
I am convinced that a safe language with very tiny holes allowing access
to dangerous stuff (like memory management in the kernel) is simply safer.
Clearly, we are no where near that right now.
+1