Communications of the ACM
The Real Software Security Problem Is S
Says Carnegie Mellon University professor Jean Yang, "The only reason our online life is insecure is that we let it happen."
Credit: Zazzle.com
There are simple steps that can be taken to make software more secure and resilient, writes Carnegie Mellon University professor Jean Yang.
She says the main problem underlying the security and other failures of modern software is the programming languages used to create them. Many of the most common programming languages are old or derive from much older code and Yang believes they are not up to the task of building the efficient, secure software needed today. She says the most common languages make it too easy to introduce mistakes and too difficult to detect those mistakes once they've been made.
Yang says developers need new, purpose-built programming languages that will provide security-enhancing functions such as the ability to manage memory automatically so bugs such as Heartbleed will not crop up. She points to the Hack and Flow languages created by Facebook as an example.
However, Yang says software users will have to demand these changes before software makers decide to pursue them. "To make that happen, we all need to value technical soundness over novelty," she writes. "It's up to us to make online life is as safe as it is enjoyable."
From Technology Review
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found