On 14/12/2021 12:04 am, John McKown wrote:
I don't think COBOL is explicitly, or implicitly, more secure than the base Java language. The "problem" is not the Java language, but the Internet infrastructure built into the Java libraries and "add on" facilities such as LOG4J. A COBOL programmer would most likely write their own logging facility whereas a Java programmer would have a much larger selection of "prebuilt" libraries to use & would so likely use them. These facilities might or might not have any vulnerabilities in them.
I still see that as problems with the libraries rather than the language. You can choose whether or not to use the libraries that are available. I suspect that locally written software has many more security problems than commonly used libraries, but you end up with your own individual bugs rather than the bug that everyone on the internet knows about.
-- Andrew Rowley Black Hill Software ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
