>Because they are using millions of lines of kernel and library code written in C or C++ to access my web application, which again is hosted on millions of lines of kernel, daemon and library code (including all the crypto) written in C or C++.
And which were proven to be insecure time and time again.
>And the hypothetical alternative language would likely be implemented in C or C++.
Isn't Rust self-hosted now?
>And it would be translated to assembly or machine code, a horribly unsafe language.
Not on a Lisp Machine! ;)
But you are right. Not using C only suppresses a class of vulnerabilities, not all of them (and not the most trivial to exploit ones). Unless you are prepared to go all the way and do formal verification, model checking, and NASA-style development, your application will be insecure, and it will be hacked. The question is what is (are?) your plan to recover when it happens?
Rust has been self-hosted for a long time. But that doesn't really matter anyway, because the language used to write the compiler has no relevance[1] to vulnerabilities in the compiled code. What is more important is the language the runtime is written in, and Rust's runtime is written almost entirely in Rust (offhand the only parts I know of that aren't are compiler-rt and libbacktrace).
[1] Reflections on Trusting Trust isn't relevant here; we're not considering someone trying to attack the compiler.