Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.

  • ScreaminOctopus
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    1
    ·
    9 months ago

    Pretty crazy to reccomend Java as a secure alternative.

      • zik@lemmy.world
        link
        fedilink
        arrow-up
        14
        ·
        edit-2
        9 months ago

        Java’s runtime has had a large number of CVEs in the last few years, so that’s probably a decent reason to be concerned.

        • u_tamtam@programming.dev
          link
          fedilink
          arrow-up
          5
          arrow-down
          2
          ·
          9 months ago

          Yep but:

          • it’s one runtime, so patching a CVE patches it for all programs (vs patching each and every program individually)

          • graalvm is taking care of enabling java to run on java

      • ScreaminOctopus
        link
        fedilink
        English
        arrow-up
        3
        ·
        9 months ago

        Nothing really, the JVM has a pretty troubled history that would really make me hesitate to call it “safe”. It was originally built before anyone gave much thought to security and that fact plauges it to the present day.

        • u_tamtam@programming.dev
          link
          fedilink
          arrow-up
          2
          ·
          9 months ago

          and how much of this troubled history is linked to Java Applets/native browsers extensions, and how much of it is relevant today?

        • FooBarrington@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          9 months ago

          There’s a difference between writing code on a well-tested and broadly used platform implemented in C++ vs. writing new C++.