On 04/15/2013 08:17 PM, Miloslav Trmač wrote:
Sure, moving away from C/C++ does not make programs completely
however, on average, C/C++ programs are noticeably less secure (because
most vulnerabilities that can happen in higher-level languages can also
happen in C, but not the other way around).
To illustrate this point, here's a fairly concrete example: If you have
got a program that is written in a memory-safe language which also
provides some form of encapsulation, it is possible to demonstrate
convincingly (*) that a software module which provides an
encryption/decryption service never leaks the key material. If there is
no memory safety, other code in the program could peek at the key bits,
and encapsulation is no longer guaranteed. What should be a local
property of the module now turns into a global property of the program,
making review more difficult.
(*) As soon as cryptography is involved, mathematically rigorous results
are the exception.
Florian Weimer / Red Hat Product Security Team