Cybersecurity

Post Reply New Topic

No, i'm an actual SECURITY PROFESSIONAL, apparently the only one in this thread. Go hide in the programming thread where you sprouted your ill informed opinion about your ancient buffer overflow producing language.

The buffer overflows are the result of poor programming practices, not the language. The most you could say is that C doesn't protect you from your own bad practices. That does not make it inherently insecure.

Besides, buffer overflows aren't that difficult to avoid.

And, for what it's worth, I've seen "security professionals" who were too incompetent to set up a firewall.

Want to know what the real security issues are? People who don't know anything about security thinking that they do. We end up with very broken protocols and very broken implementations. If you want a really good example of this, WPA for wireless "security" is one.

Here is a procedure list before talking about security:
1. Do your home work.
2. Open your mouth.

This is the general consensus of people who have programming experience and work in security:
https://twitter.com/ryanhuber/status/877623129903738880

https://www.tripwire.com/state-of-security/vulnerability-management/compiler-undermining-secure-coding/

https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/compiler-checks

http://www.cs.kuleuven.be/publicaties/rapporten/cw/CW386.pdf

https://nebelwelt.net/publications/files/15LangSec.pdf

"Boohoo, someone is pointing out security vulnerabilities in my language, and i defend it because i dont know how to write code in any other language, because my programming knowledge refuse to move beyond 1972."

Why don't you grow up and learn to debate a subject instead of resorting to personal attacks?

By turning it into a personal attack, the points you were trying to make will now be ignored.