[langsec-discuss] so what does langsec have to say about heartbleed?
bascule at gmail.com
Tue Apr 8 23:43:34 UTC 2014
On Tue, Apr 8, 2014 at 4:24 PM, <travis+ml-langsec at subspacefield.org> wrote:
> is there something like taint-checking that we could do in programming
> languages to prevent this sort of thing?

Perhaps an odd place to look, but Microsoft's TS* language for embedding
"Un" heap) for handling of untrusted data as part of its gradual dependent

I think it'd be interesting to see languages whose type systems have
first-class knowledge of what data is secret (and shouldn't be leaked) and what
data is tainted/untrusted (and shouldn't be used in sensitive contexts).

All that said, the OpenSSL vulnerability is a clear indication, at least to
me, that security-critical code shouldn't be written in memory-unsafe
languages like C.
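
The following is an added example, not part of the original message or of any project it mentions: a sketch in Rust of the idea raised above, where the type system distinguishes tainted input from secret data. The names `Tainted`, `Secret` and `heartbeat_response` are hypothetical, and the sample values are constructed.

```rust
use std::fmt;

/// Untrusted input: the inner value is private and can only leave via validate().
pub struct Tainted<T>(T);

impl<T> Tainted<T> {
    pub fn new(v: T) -> Self { Tainted(v) }
    /// The only way out: the caller supplies a check that may reject the value.
    pub fn validate<U, E>(self, check: impl FnOnce(T) -> Result<U, E>) -> Result<U, E> {
        check(self.0)
    }
}

/// Secret data: no Clone/Copy, redacted Debug, access only through expose().
pub struct Secret<T>(T);

impl<T> Secret<T> {
    pub fn new(v: T) -> Self { Secret(v) }
    pub fn expose(&self) -> &T { &self.0 }
}

impl<T> fmt::Debug for Secret<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret(<redacted>)")
    }
}

/// Heartbeat-style echo: `claimed_len` comes from the peer, `payload` is what
/// actually arrived. The tainted length cannot index anything until checked.
pub fn heartbeat_response(claimed_len: Tainted<usize>, payload: &[u8])
    -> Result<Vec<u8>, &'static str>
{
    let len = claimed_len.validate(|n| {
        if n <= payload.len() { Ok(n) } else { Err("claimed length exceeds payload") }
    })?;
    Ok(payload[..len].to_vec())
}

fn main() {
    let key = Secret::new([0x41u8; 16]); // constructed sample value
    println!("{:?}", key); // logging the secret shows only the redaction marker
    println!("{:?}", heartbeat_response(Tainted::new(3), b"bird"));
    println!("{:?}", heartbeat_response(Tainted::new(64_000), b"bird"));
}
```

Passing a `Tainted<usize>` where a `usize` is expected is a compile error, so the bounds check cannot be skipped by omission.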