[M3devel] Heartbleed, initialization, and Modula-3
schlepptop at henning-thielemann.de
Thu Jun 5 10:51:01 CEST 2014
Am 05.06.2014 00:39, schrieb Rodney M. Bates:
> Olaf's recent mention of safe languages and Heartbleed prompted me to
> look into the specifics of the bug, particularly to see what Modula-3
> might have done to prevent it.
My general experience is that a language is only as safe as the
programmer wants to. You can add as many safety belts as you like, a
careless programmer will always find a way to remove them. I consider
the value of safe languages the other way round: A careful programmer
can get a lot of security support from a safe language.
The programmer of the heartbleed bug was criticized for rating
performance higher than security and other things. There would have been
ways to prevent that bug even in C.
More information about the M3devel