Shulou(Shulou.com)06/03 Report--

Which programming language is more secure? For this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more small partners who want to solve this problem find a simpler and easier way.

The programming language debate has long been a heated issue in the developer community, because developers like to prove that the programming language they use dominates, especially security, but the process of discussion is often accompanied by anger from both sides and ends up dead.

Programming language security debate

WhiteSource identified seven popular programming languages, C, Java, JavaScript, Python, Ruby, PHP, and C, based on popular languages used by the open source community over the past few years, and searched databases to see the number of known open source security vulnerabilities in each language over the past decade, how these vulnerabilities have changed over time, and the most common CWE for each language.

C language tops the list

The obvious number one is C, which accounts for nearly half of the total. However, this does not mean that C language security is much lower than other popular languages, such a high proportion can be explained by the following reasons: First, C language use time is the longest in the survey language; Second, C language generally writes a large amount of code; Third, one of the main languages behind infrastructure such as OpenSSL and Linux kernel is C language. This combination of time, size, and centrality explains why C has so many known open source security vulnerabilities.

In addition, the report shows how the number of open source security vulnerabilities varies over time across programming languages. Over the past decade, these programming languages have had their highs and lows. However, there is a clear trend in all languages, that is, the number of known security vulnerabilities in all languages has increased significantly in the past two years, which can be seen as an increase in awareness of security vulnerabilities and a greater popularity of open source. As resources for open source security research increase, so does the number of security issues discovered.

Master known vulnerabilities and understand the pros and cons in advance

In fact, phrases like "my programming language is safer than you" now seem more like programmer banter. Today, most software development relies on multiple programming languages rather than on one. Mastering known open source vulnerabilities and understanding the strengths and weaknesses of the programming language your team is using are all great ways to ensure that software projects are secure from the start.

When investigators looked at high-severity open source security vulnerabilities, they found that, except for JavaScript and PHP, the proportion of serious vulnerabilities in most languages covered in the report was on a downward trend. In addition, the investigators looked at common CWE in each language.

Among them, cross-site scripting attacks and input verification occupy the most common position; in addition, CWE has information leakage, path traversal, permissions and access control, improper access control, etc.

The answer to the question about which programming language is more secure is shared here. I hope the above content can be of some help to everyone. If you still have a lot of doubts, you can pay attention to the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.