Are they using the right technology?
Posted May 23, 2012 17:17 UTC (Wed) by JoeBuck
In reply to: Are they using the right technology?
Parent article: A Tale of Two Pwnies (Part 1)
Besides, only one of the six bugs was a classic C/C++ bug with integer overflow allowing writing beyond the end of the array. The others were either timing attacks or failures to properly check input, and such bugs are language-independent.
Switching to a "safe" language would eliminate one out of the six bugs, but then the expert cracker could look for flaws in the language implementation (bugs in the VM or the JIT) that might allow for an out-of-bounds write.