I could not reply to your message one below so moving it here:
>You're the one that has three times now commented on one of my posts trying to prove to yourself that everything you're doing is fine and there's nothing you could be doing better from a security perspective.
I am just expressing my opinion. You know, taking distraction from mundane work to talk technical things. I am not trying nor do I need to prove how I do my development/design and what tools do I use and frankly I do not give a flying hoot what others might think about it. I run my own business after all.
As to you particular point of language being unsafe because it allows typecast pointer to integer: allowing unsafe features in my view does not make language unsafe as long as it provides safe way of doing things as well. It is called flexibility in my book.
Security wise: could I've done better? Sure. Anything could be done better but you've probably heard about the law of diminishing returns. Does the fact that I use language that have unsafe feature automatically make my software unsafe if I do not use said features - big fat NO. Even if do use such feature (and rarely but sometimes I do for the sake of efficiency) it does not really change the main point.
As senior engineer at a security conscious firm, who used to freelance by writing exploits for code written by developers with your attitude, I want to make sure we don't use your software.
I think you should go and get help if you do not understand why people on newsgroups often prefer to stay anonymous.
And if you are as you say major security guy as you claim you probably already checked all the software you allow to use for security breaches. So you either found the problem and got rid of said software or you're just full of it.
And if your business recommendations to your company are base on "attitude" picked from internet chat or shall I say you personal likes why don't you submit this conversation to your employer.
And finally the last thing I feel like doing is promoting my business/services to people like yourself.
> And if you are as you say major security guy as you claim you probably already checked all the software you allow to use for security breaches. So you either found the problem and got rid of said software or you're just full of it.
Do you know what an 0 day is?
> And if your business recommendations to your company are base on "attitude" picked from internet chat or shall I say you personal likes
My recommendations to my employer are based on many things, including overall security posture. The world's best engineers ship memory unsafety bugs in C and C++, including modern C++. Your statements belay an overall lack of respect for the problem space, which in my experience leads to an increase of issues, even above the general steady state.
> why don't you submit this conversation to your employer.
I plan to as soon as there is actionable information.
> And finally the last thing I feel like doing is promoting my business/services to people like yourself.
You're the one who's been regularly deciding to comment on my posts trying to convince yourself that everything you're doing is fine, and you can't do better. "People like [my]self" are just telling you that you can do better, and only when you decide to go out of your way to start shit.
You're the one that has three times now commented on one of my posts trying to prove to yourself that everything you're doing is fine and there's nothing you could be doing better from a security perspective.
I am just expressing my opinion. You know, taking distraction from mundane work to talk technical things. I am not trying nor do I need to prove how I do my development/design and what tools do I use and frankly I do not give a flying hoot what others might think about it. I run my own business after all.
As to you particular point of language being unsafe because it allows typecast pointer to integer: allowing unsafe features in my view does not make language unsafe as long as it provides safe way of doing things as well. It is called flexibility in my book.
Security wise: could I've done better? Sure. Anything could be done better but you've probably heard about the law of diminishing returns. Does the fact that I use language that have unsafe feature automatically make my software unsafe if I do not use said features - big fat NO. Even if do use such feature (and rarely but sometimes I do for the sake of efficiency) it does not really change the main point.