Interesting question – eh? There is a great amount of passion on both sides of the argument. Beyond the emotion and hype, what’s the reality?

After Microsoft followed Java’s lead and adopted an interpreted byte code model (common language runtime) for .NET, our official position has been that in the hands of a skilled developer, both languages can be used to produce equally secure applications. I had a client ask me this question last week, so I went looking for the latest data to back this up.

Veracode is an application security testing solution provider that scans binaries, byte code and web applications as a service. They keep track of the aggregated data of the applications they scan and have recently begun publishing reports on the overall security of the code their service analyzes. Since they support both .NET and Java byte code scanning, I went to them for some specific data. This wasn’t published in their report (they are looking at adding this in the next revision), but this is what their data shows: the vulnerability density (average flaws per MB of code scanned) for .NET was 27.2 and for Java the overall density was 30.0.

Read more: Neil MacDonald