Interesting. Java generates twice as many security flaws as C++ (per megabyte of source code), but C++ generates more critical flaws. .Net generates more security flaws and more critical flaws than C++.
Looks like sandboxing and garbage collection aren't a cure-all...
There are two separate issues. One is how prone to security flaws the language itself is. The second is if there are library routines that introduce flaws.
This study is highly dependent on the exact code base analyzed, and especially on the quality of the analysis tools with regard to false positive rate.
I suspect this is largely GIGO but will try to take a deeper look at it at some point.
6 comments
[ 3.2 ms ] story [ 22.8 ms ] threadLooks like sandboxing and garbage collection aren't a cure-all...
Depending on how you cherry-pick the results, of course
This study is highly dependent on the exact code base analyzed, and especially on the quality of the analysis tools with regard to false positive rate.
I suspect this is largely GIGO but will try to take a deeper look at it at some point.