6 comments

[ 3.2 ms ] story [ 22.8 ms ] thread
When did iOS and Android become languages?
Interesting. Java generates twice as many security flaws as C++ (per megabyte of source code), but C++ generates more critical flaws. .Net generates more security flaws and more critical flaws than C++.

Looks like sandboxing and garbage collection aren't a cure-all...

It also showed that Java produced less critical flaws per MB than C++. So maybe sandboxing and GC are a cure-all.

Depending on how you cherry-pick the results, of course

There are two separate issues. One is how prone to security flaws the language itself is. The second is if there are library routines that introduce flaws.

This study is highly dependent on the exact code base analyzed, and especially on the quality of the analysis tools with regard to false positive rate.

I suspect this is largely GIGO but will try to take a deeper look at it at some point.

How is it possible that a language can generate a vulnerability?