From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@sympa.inria.fr Delivered-To: caml-list@sympa.inria.fr Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by sympa.inria.fr (Postfix) with ESMTPS id 0A2657EE51 for ; Sat, 25 May 2013 01:13:48 +0200 (CEST) Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of oliver@first.in-berlin.de) identity=pra; client-ip=192.109.42.8; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="oliver@first.in-berlin.de"; x-sender="oliver@first.in-berlin.de"; x-conformance=sidf_compatible Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of oliver@first.in-berlin.de) identity=mailfrom; client-ip=192.109.42.8; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="oliver@first.in-berlin.de"; x-sender="oliver@first.in-berlin.de"; x-conformance=sidf_compatible Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of postmaster@einhorn.in-berlin.de) identity=helo; client-ip=192.109.42.8; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="oliver@first.in-berlin.de"; x-sender="postmaster@einhorn.in-berlin.de"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvEBAKXzn1HAbSoIlGdsb2JhbABahnO5VYUngQcWDgEBAQEJCwkJFAQkgiQBBSNWEAsJEQIFIQICDwUYMYggBKd+kWEWgRCNdweCQTJhA48HiDOUUg X-IPAS-Result: AvEBAKXzn1HAbSoIlGdsb2JhbABahnO5VYUngQcWDgEBAQEJCwkJFAQkgiQBBSNWEAsJEQIFIQICDwUYMYggBKd+kWEWgRCNdweCQTJhA48HiDOUUg X-IronPort-AV: E=Sophos;i="4.87,738,1363129200"; d="scan'208";a="18911920" Received: from einhorn.in-berlin.de ([192.109.42.8]) by mail2-smtp-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-SHA; 25 May 2013 01:13:47 +0200 X-Envelope-From: oliver@first.in-berlin.de Received: from first (e178014212.adsl.alicedsl.de [85.178.14.212]) (authenticated bits=0) by einhorn.in-berlin.de (8.13.6/8.13.6/Debian-1) with ESMTP id r4ONDjYZ014430 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 25 May 2013 01:13:46 +0200 Received: by first (Postfix, from userid 1000) id B1770154066B; Sat, 25 May 2013 01:13:45 +0200 (CEST) Date: Sat, 25 May 2013 01:13:45 +0200 From: oliver To: David MENTRE Cc: Esther Baruk , "caml-list@inria.fr users" Message-ID: <20130524231345.GA1923@siouxsie> References: <519F1CF6.7050007@riken.jp> <20130524143500.GE2007@siouxsie> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) X-Scanned-By: MIMEDefang_at_IN-Berlin_e.V. on 192.109.42.8 Subject: Re: [Caml-list] French study on security and functional languages On Fri, May 24, 2013 at 05:18:53PM +0200, David MENTRE wrote: [...] > Nonetheless I find interesting and refreshing[1] the fact that ANSSI > is at least seriously considering OCaml for writing security related > programs. [...] Is this really especially for OCaml? or also Haskell and the other languages? I ask, because when looking at the comparison table from page 55, then there are other languages that also have good results. Looks like the type system is the main distinction between the well and the bad languages. And there are OCaml, F#, Scala, Haskell, which have good rates in the table. It would have been nice, if non-functional languages would have been rated also. I think they all would be on the bad side. This would then be a good argument pro Functional languages. But all the languages that were in the table were functional languages. The typical average decider in a company, who does have influence to decide for the one or the other language would not know all the other languages. So, this comparison might be good for certain "insiders", but the mainstream is using C, C++, Java, Perl, Python, Ruby and so on. If these languages would be checked also (and I assuem they would be a bad choice), then this paper would be really a good argument for deciders of many companies. In most cases I'm the only person in a project who at all knows languages like OCaml... and also uses it. And most often it's not allowed to use it because of this reason... ...but sometimes, some personal tools are allowed to write in any language. But most often not even that... and mainstream languages have to be used... Ciao, Oliver