
Galchin Vasili wrote on Friday, January 4:
I stumbled across this page. It seems that Haskell and other strongly typed functional languages like ML/OCaml will fare much, much better, e.g. buffer overrun. Thoughts ... comments.
Bulat Ziganshin wrote:
For me, it looks like saying that Haskell better uses CPU registers :) The truth is that modern languages (including Java/C#) don't use buffers directly. I don't have experience of their usage, but for Haskell I had memory referencing problems only when using unsafe* tricks.
Interestingly enough, a few days after this exchange, the first public report was released from a large survey funded by US Homeland Security on security of open source projects. The survey was carried out by a company called Coverity.

Among the projects making top grade for security - apparently far better than most proprietary products, though complete information about that is not public - were PHP, Perl, and Python.

PHP? Come on, can't we do at least as well?

But right now, there is a technical impediment to the participation of Haskell: the Coverity project currently only supports projects written in C, C++, and Java. Haskell compilers are often written in Haskell.

Any ideas? Perhaps Coverity's interest could be piqued if they were made aware of Haskell's emergence as an important platform in security-sensitive industries such as finance and chip design, and of the significant influence that Haskell is having on the design of all other major programming languages.

The home page for the Coverity open source project is at:
http://scan.coverity.com/

Some recent press coverage:
http://it.slashdot.org/article.pl?sid=08/01/09/0027229
http://www.zdnet.com.au/news/security/soa/11-open-source-projects-pass-secur...
http://www.informationweek.com/story/showArticle.jhtml?articleID=205600229

-Yitz