Hacker News new | past | comments | ask | show | jobs | submit login

Yes, but all that gets you is that no language is a panacea; bugs always exist. It does not address the question of whether or not there will be a propensity for more bugs (or more severe bugs) when comparing two languages.



> It does not address the question of whether or not there will be a propensity for more bugs (or more severe bugs) when comparing two languages.

My argument is based on the act of rewriting it---regardless of language. Many languages provide excellent guarantees, but that does not protect against bugs in the implementation itself (logic).


Yes; and the rewrite can take into account the logic used in the old code (especially in the security-critical areas) as well as all the vulnerabilities that have happened before. You're not starting from a complete blank slate; you can pick up the lessons learned.

Despite being "battle tested", all of these C programs continue to have both memory and logic errors. I think a rewrite would have the same rate of new logic issues after the initial code review and testing. "bugs will always exist" -- sure, so if we have something that eliminates a class of bugs, why not use it? The other classes of bugs will be there (and probably in the same force) whether you rewrite or not.

A lot of these bugs get introduced due to cruft in old code as well. So there are a bunch of tradeoffs here.


> Many languages provide excellent guarantees, but that does not protect against bugs in the implementation itself (logic).

This is the black and white security fallacy. Memory safety problems are, statistically, a huge quantity of security bugs. By eliminating them you drastically reduce the number of bugs.




Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: