blackbearnh writes: Everyone these days knows that you have to double and triple check your code for security vulnerabilities, and make sure that your servers are locked down as tight as you can. But why? Because our underlying operating systems, languages, and platforms do such a crappy job protecting us from ourselves. A new article suggests that the inevitable result of clamoring for new features, rather than demanding rock-solid infrastructure, is that the developer community wastes huge amounts of time protecting their applications from exploits that should never be possible in the first place. TFA: The next time you hear about a site that gets pwned by a buffer overrun exploit, don't think "stupid developers!", think "stupid industry!"
Top Ten Things Overheard At The ANSI C Draft Committee Meetings:
(7) Well, it's an excellent idea, but it would make the compilers too
hard to write.