Tuesday, March 11, 2014

the case against GOTO in security

i could have made this longer but i have a feeling it might be more powerful in this form.

there is no programming construct that offers more freedom and flexibility than GOTO. consequently, no programming construct carries with it a greater potential for complexity

since "complexity is the worst enemy of security", therefore GOTO should be considered harmful to and/or an enemy of security.

i'm surprised more people haven't made this connection, or that it hasn't seen more mainstream attention. whatever else you may think of GOTO in regular software, in security-related software this has to be an added consideration. the traditional taboos against GOTO that Larry Seltzer identified may not be entirely rational, but i tend to think the security taboo against complexity is.