Quote:
Originally Posted by Ninguem
Everything is insecure at some level.
|
No doubt, but is the quantification and severity assessment of the problems so unimportant?
Rather than compare Java to Linux, it would be interesting to compare it to C#. The two runtimes must be very similar. The languages started out only trivially different as far as I can tell, though perhaps they're starting to diverge. The included class libraries are nearly equally immense (and similar?). So if the security record is vastly different it might say something, either about the abilities of the implementers and maintainers, their release and QA process, or about how hard and skillfully the world is looking for flaws.
For another conclusion drawn from Java's horrible record, see here:
"Bjarne: I do not consider it the job of a programming language to be “secure.” Security is a systems property and a language that is – among other things – a systems programming language cannot provide that by itself. C++ offers protection against errors, rather than protection against deliberate violation of rules. C++11 is better at that than C++98, but the repeated failures of languages that did promise security (e.g. Java), demonstrates that C++’s more modest promises are reasonable. " --
https://www.informit.com/articles/ar...up&WT.rss_ev=a