Until Unix and Linux programmers get over their macho love for low-level programming languages, the security holes will continue to flow freely, argues SecurityFocus columnist Jon Lasser.
nick(3/27/03 11:16 AM CST): I take a couple issues with this article:

"In an age where processing power is cheap, there's no excuse for a mail client written in C or C++" - while this is generally a good point, certain algorithms in a mail client must be lightning fast for it to win the usability battle. I think the argument is much stronger for server software where security and stability are at a premium. "I think it's safe to say that programmers spent less time at self-criticism than pilots" - this is a broad statement and is an interesting assertion, but is sort of silly. A more reasonable statement might be something like: if programmers/users of software were as concerned about the stability of their code and as intolerant of errors there as pilots/passengers are with the structural integrity and safety records of their planes, then we might not see so many problems. When you phrase it this way though, it's clear that many of the reasons software is the way that it is have to do with social/economic issues of the market than the programmers themselves.