Define large enough...
Posted Nov 21, 2011 7:34 UTC (Mon) by khim
In reply to: Still more nonsense...
Parent article: Interview with Andrew Tanenbaum (LinuxFr.org)
There are literally no large enough unmanaged systems without buffer exploit vulnerabilities.
And the same is true for managed systems. But security is not binary. Number of successful exploits against JVM and .NET dwarfs the number of successful exploits against memory-managed systems.
So your best case shows that MEMORY PROTECTION WITH UNMANAGED LANGUAGES IS NOT SECURE
No, my best case shows that you can make it secure enough that break-ins will make the news. JVM and .NET-based break-ins are just accepted as "fact of life", even if they make the news they are reported as "oh, well, yet another vulnerability is found and fixed in XXX product". Often they don't make the news at all. If your idea of improving security is to replace poorly behaving system with utterly broken system then I'm glad you are not working here.
to post comments)