An interesting meditation, to be sure.

How secure is a properly compiled and sha-checked source install of Perl and its core sockets modules? I would start with a search of the Common Weakness Enumeration, National Vulnerability Database, or similar trusted site. Also, a look at rt.perl.org (searching for "CVE-", or similar) might be assistive.

Are they prone to breaking, are there obvious security flaws? Recently at $job I heard a discussion about issues reported in a security scan because the version of perl being used supposedly had vulnerabilities. (From what I read on the specific vulnerabilities, however, it appeared they involved setting environment variables, but it would be something to find out more about.)

Would you trust it in encrypted communications? I think that would depend on a number of things. The first in my consideration, which also goes toward your later question of "would Perl stand up in court as being a viable software choice?", would be on whether the whole thing were home-grown, or if modules (CPAN or otherwise) were used, if the modules used are available for examination, if the module developer has sufficient expertise and experience in cryptographic matters, and if there are sufficient tests to reasonably assure a user that due diligence was taken (among others).

Personally, I would not specifically rule in or out a product on the basis of the language used, as "crap code can be written in any language" (I think there is an actual quote like that, although something different being written). If the author(s) are diligent, use care in the code they develop and in the process of selecting what outside code they may use, and are transparent and responsive, I do not see a reason why it could not be plausible.

My $0.02, at least. Hope that helps.


In reply to Re: security and Perl by atcroft
in thread security and Perl by zentara
