We are not the only ones doing it...

The Secure Coding mailing list is having field day arguing about Marcus Ranum's ACM Queue article, Security: The root of the problem.

Normally, I wouldn't link to this thread since it isn't specifically about programming languages.

However, programming languages are being mentioned, and static analysis tools discussed (esp. SPARK). Moreover, I think the dynamics of the debate are quite similar to the dynamics of the ongoing (and eternal) debate in the discussion group regarding static typing. Perhaps, seeing this sort of quicksand action hapenning in a different context can help us learn how to focus PL-related debates and make them more productive.

Note: I am not trying to rain on anyone's parade. In fact, I think LtU is better than most other forums when it comes to this kind of debate. But non-productive debates on these issues are a common problem in PL discussions.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

"forget programmer cooperation"

I agree with much of what the author has to say, but I strongly disagree with his assertion that there's no way to get programmers from using languages other than C/C++. The popularity of java and scripting languages like python, ruby etc. should be enough to convince anyone that he's wrong. But if he's right, and if programmers stubbornly refuse to learn new languages (as many will) and also stubbornly refuse to use better practices (warnings, better runtime environments) then there is simply nothing that can be done. We can't be expected to constantly bend over backwards to coddle people who refuse to adopt sensible software development practices. Such people should be told to either change their bad practices or lose their job. I mean, come on!

Also, I had to laugh at the statement "I'm amazed that someone hasn't come up with the idea yet of making malloc() and free() stub-calls into a generic garbage-collected memory allocator and doing away with C memory management altogether." Umm.. someone has -- has this guy never heard of the Boehm-Demers GC, which is used in dozens of high-profile projects? Boehm describes how to do exactly what he says in the documentation for his collector.

It's such a perfect world...

Such people should be told to either change their bad practices or lose their job. I mean, come on!

That's assuming their managers want promote better practices. In practice they usually don't. And let's not go back to the classic "if you are so right, the market will drive them out" argument. It's a deadend..