by dozzie
3667 days ago
> First of all: Makes using a specific programming language a software much less secure? Probably not.

Quite the contrary, most probably yes. Mistakes happen, but different
languages make different kinds of mistakes impossible or very easy. You can't
get a segfault when manipulating strings in Perl or Python, while in C it takes
plenty of effort to avoid.

But many of these problems can also be caught using the right tools and framework. With Ruby, using Rails will eliminate entire groups of risks you would have without it.
This is the same with PHP and frameworks like Symfony - which, incidentally, we use large parts of. And Lukas has been working a LOT on doing this kind of work, making sure we eliminate types of problems and mistakes developers could make. Combined with training (giving talks and workshops on writing secure code to our developers at events), code reviews by him and others, static code checking and so on, you get something that is really quite secure.
I am confident enough to say that our code base is the most secure way of sharing and syncing files using open source. Of course, before you or somebody else brings it up, SSH and rsync make for a more secure experience but that's not exactly what Nextcloud competes with so perhaps add 'that gives a Dropbox-like experience' to the above qualification :D