by Leon Rosenshein

Language Security

In the spirit of Security Awareness month and in today’s homage to bad research, I present “What are the most secure programming languages.” There is so much wrong with this doc I don’t know where to start. I’m sure there are many data scientists here who can quote chapter and verse about the flaws, but there are a couple I want to touch on.

The first has nothing to do with data science or research; it’s on the editorial/marketing side. 17 pages of words, charts, and graphs, and they never actually say what the most secure languages are. They list all kinds of problems, but they never follow through on their promise.

Second, the most common vulnerabilities listed, Cross-Site Scripting (XSS), Input Validation, Permissions, Privileges, and Access Control, and Information Leak / Disclosure, are stupid human tricks. Yes, C/C++ makes it harder to get memory right and has more buffer overrun errors, but come on folks. Let’s not blame the language for our mistakes. Input Validation? Permissions, Privileges, and Access Control? We should know better than that.