Is Java More Secure Than C?

February 19, 2016 • Podcast

By

David Svoboda

In this podcast, CERT researcher David Svoboda analyzes secure coding rules for both C and Java to determine if they indeed refute the conventional wisdom that Java is more secure than C.

Publisher

Software Engineering Institute

Topic or Tag

Listen

Watch

Abstract

Whether Java is more secure than C is a simple question to ask, but a hard question to answer well. When researchers on the CERT Secure Coding Team began writing the SEI CERT Oracle Coding Standard for Java, they thought that Java would require fewer secure coding rules than the SEI CERT C Coding Standard because Java was designed with security in mind. They also assumed that a more secure language would need fewer rules than a less secure one. However, Java has 168 coding rules compared to just 116 for C. Why? Are there problems with our C or Java rules, or are Java programs, on average, just as susceptible to vulnerabilities as C programs? In this podcast, CERT researcher David Svoboda analyzes secure coding rules for both C and Java to determine if they indeed refute the conventional wisdom that Java is more secure than C.

About the Speaker

David Svoboda

David Svoboda is a software security engineer at the CERT Division of the Software Engineering Institute. He co-authored or contributed to four books, including The SEI CERT C Coding Standard and The CERT Oracle Secure Coding Standard for Java. He also maintains the SEI CERT Coding Standards wiki and has …

Software Engineering Institute