|
|
|
|
|
|
by EsssM7QVMehFPAs
2383 days ago
|
|
|
A secure language is any strongly typed language that caters well to static analysis. Enterprise (and up to some point open-source) tools exist that are able to capture a vast range of security issues in code with the help of in-depth static analysis. I'd rather consider Java, .NET, C, or to a limited degree C++ as secure because of this. Our compilers should long have included static analysis on par with optimization efforts, because - as you say - people tend to produce errors in code. Strong type systems and memory safety are a very nice first step though. I am certain this will change over the years, but then the trend (that I am also prone to) is to go dynamic for the sake of productivity anyways. |
|
|
Java, C# (not all .NET languages) are both quite strongly typed (it would be nice if there was no implicit toString conversion in C#, I think Java has this, too).
F# is a bit better than C# in terms of type system (especially exhaustive pattern matching on discriminated unions leads to a lot more potential type safety).
C or C++? They are happy to implicitly convert a lot of things, they're statically typed, but very weakly so. And in terms of memory safety C strings and arrays are the reason why static analysis is absolutely necessary here.
>Our compilers should long have included static analysis
The Rust compiler is doing a lot of what would be considered static analysis. And if you're dealing with normal strings and arrays you're not prone to C-like buffer overflow behavior. If you run in debug mode then you even get assertions on integer wrapping. This IMHO is also the biggest issue with C/C++. The fact that the compiler still allows so much to go through and only the static analyzer gives you a warning. Big companies rarely have code bases where most of the static analysis warnings are even solved. And it's hard to hire only "disciplined" programmers.