I am not sure you can do such comparisons on the security of programming languages, and on the efficiency of auditing tools. For example, how much of this difference is due to the code auditing people not catching all Java flaws? How do you measure the efficiency of a code audit? If you find 70 flaws in 100.000 lines of Java code, does it mean you missed 630 flaws that you would have found in C code? And how many flaws were left uncovered in the C code?