Richard Kenner wrote:
You're misrepresenting the argument here. This is not just about newly
written software, but also about software that already has been written.

There are multiple arguments here. That comment of mine was addressing the
claim that somebody (I think you) made that stated that it was too much to
expect programmers writing security-critical code to understand these aspects
of C.

Once again, the discussion is not about the narrow class of
security-critical applications, but a more general one about
all software where security is a consideration.

I agree with all the arguments about legacy code, but I'm much less
tolerant of such arguments for NEW code.

New code is still written by legacy programmers. Compiler writers
are in the business of creating compilers that are useable, not just
ones that conform to the standard!