Saturday, April 10, 2021
NikolaNews

Which are the most insecure languages?

March 25, 2019
in Internet Security

From top to bottom, technology is riddled with security errors. At the lowest level, we have hardware errors such as Intel’s Meltdown and Spectre bugs. Just above those, we have programming language security holes, and boy, do we have a lot of those!

WhiteSource, an open-source security company, recently did a study of open-source security vulnerabilities in the seven most widely used languages over the past decade. To find the bugs, the company used its language security database. This contains data on open-source vulnerabilities from multiple sources such as the National Vulnerability Database (NVD), security advisories, GitHub issue trackers, and open-source project issue trackers.

Here’s what the company found. The seven languages are C, Java, JavaScript, Python, Ruby, PHP, and C++. There are no surprises there.

There’s also no surprise as to which language had the most security bugs. That’s C, by a wide margin. Nearly 50 percent of all reported vulnerabilities were in C.

As Kees “Case” Cook, Google Linux kernel security engineer, said recently: “C is a fancy assembler. It’s almost machine code.” In addition, “C comes with some worrisome baggage, undefined behaviors, and other weaknesses that lead to security flaws and vulnerable infrastructure.”

But, WhiteSource argued, “This is not to say that C is less secure than the other languages. The high number of open source vulnerabilities in C can be explained by several factors. For starters, C has been in use for longer than any of the other languages we researched and has the highest volume of written code. It is also one of the languages behind major infrastructure like OpenSSL and the Linux kernel. This winning combination of volume and centrality explains the high number of known open-source vulnerabilities in C.”

They have a point. But, having programmed and fought with C for decades now, it really is way too easy to make terrible security blunders in C. For example, C contains a great deal of undefined behavior, which leaves all kinds of nasty possibilities open.

C++, however, has the “honor” of having the most high-severity vulnerabilities in the past five years. Buffer errors, which have long plagued C, are also now being discovered often in C++.

Figure: Language Security Bugs. The numbers don’t tell the full story when it comes to which language is the least, or most, secure. (Image: WhiteSource)

That said, JavaScript, perhaps the most popular language, is also the only one that saw a “continuous rise in the number of vulnerabilities in the past 10 years.”

Before you make too much fun of JavaScript, note that those results, WhiteSource points out, are misleading. Most of JavaScript’s Common Weakness Enumeration (CWE) entries are Path Traversal and crypto security holes from JavaScript packages that are barely used, maintained, or supported.

So, why are they, and other language problems, showing up? New automated programs, such as Source Code Analysis Tools, are spotting vulnerabilities that otherwise would have been overlooked.

The one language that has been showing well on security holes is (drumroll, please) Python. Yes, good old, often made fun of, Python.

Nearly all languages share some CWEs. Two CWEs reigned supreme and featured among the three most common in 70 percent of languages: Cross-Site Scripting (XSS), aka CWE-79, and Input Validation, otherwise known as CWE-20.

Other CWEs that show up a lot are Information Leak/Disclosure (CWE-200), Path Traversal (CWE-22), and Permissions, Privileges, and Access Control (CWE-264). The last has recently been displaced by its more specific, close relative: Improper Access Control (CWE-284).

But is C really the worst and Python the best? WhiteSource thinks that’s much too simple a conclusion: “While the game of ‘my programming language is safer than yours’ is certainly a fun way to pass time … finding the answer will probably not help you create the most innovative or secure software out there.”

No, instead you should spend your time “staying on top of known open-source vulnerabilities and understanding the strong and weak points in the programming languages you and your team are using.”

In the end, security is not about the languages, but how you use them.

© 2019 NikolaNews.com - Global Tech Updates
