PerlMonks
I'm used to dealing with Perl-FUD of many shapes and sizes, from "it's unmaintainable" to "it's not enterprise-ready" to "it's too slow{1}". Today, though, I got a new one. My manager's manager's manager (manager^3, for short) is trying to put the brakes on a very nice project that happens to be mostly Perl code, on the grounds that "Perl is not secure." As far as I can tell, manager^3 believes that this is the case because 'Perl has bindings into OS calls that bypass OS security'.

Fortunately, manager and manager^2 don't buy it. Manager^2 has asked me to disprove manager^3's misgivings. Now, I can certainly explain how Perl works, but that (a) will probably be beyond manager^3's ken, and (b) manager^3 will not be convinced by just my words alone. I've Googled quite a bit, but can't really find what I'm looking for: a good article (not on someone's blog, unless they are a well-known technologist{2}) that explains how Perl compares to .NET and/or Java in terms of security.

FWIW, the application in question is to be installed on a RedHat Linux server and run under mod_perl, so any suggestions specifically germane to that environment would be useful as a supplement to more general resources.

Ultimately, any help I can get from the Monastery would be useful. I know there are Monks here who could probably write and publish such a piece, and whose work would be respected, but I'd be happy with any reference I can get hold of. Unfortunately, time is short; I only have a few days to make my case that we don't need to ditch an entire product just because it's written in Perl.

Whatever material I find elsewhere, I will post here as well. Whatever I use, I will collect together and post, with a report on how it was received. When that happens, I will link to that post (probably a Meditation, I'd think) by updating this node as well. Many thanks!

Update: Based on links provided below (thanks to those that read and understood that I needed external documentation, not just a technical explanation), and in collaboration with some savvy pro-Perl managers at my organization, I've come up with the following upper-management-friendly summary:
This is not entirely final, so if others have something to add, please feel free to do so. Updates:
<–radiant.matrix–>
Ramblings and references
The Code that can be seen is not the true Code
I haven't found a problem yet that can't be solved by a well-placed trebuchet

In reply to How to answer "Perl is not secure" objections? by radiantmatrix