It's Time for Secure Languages

Cristina Cifuentes
Oracle Labs, Australia

Language designers and developers want better ways to write good code
-- languages designed with simpler, more powerful abstractions
accessible to a larger community of developers. However, language
design does not seem to take into account security, leaving developers
with the onerous task of writing attack-proof code.  In 20 years, we
have gone from 25 reported vulnerabilities to 6,000+ vulnerabilities
reported in a year.  The top two types of vulnerabilities for the past
few years have been known for over 15+ years.

I'll summarise data on vulnerabilities during 2013-2016 and argue that
our languages must take security seriously. Languages need
security-oriented constructs, and compilers must let developers know
when there is a problem with their code. We need to empower developers
with the concept of "security for the masses" by making available
languages that do not necessarily require an expert in order to
determine whether the code being written is vulnerable to attack or
not.

Bio:

Cristina is the Director of Oracle Labs Australia and an Architect at
Oracle. Headquartered in Brisbane, the focus of the Lab is Program
Analysis as it applies to finding bugs and vulnerabilities in software
and enhancing the productivity of developers worldwide.

Prior to founding Oracle Labs Australia, Cristina was the Principal
Investigator of the Parfait bug tracking project at Sun Microsystems,
then Oracle. Today, Oracle Parfait has become the defacto tool used by
thousands of Oracle developers for bug and vulnerability detection in
real-world, commercially-sized C/C++/Java applications.

Prior to her work at Oracle and Sun Microsystems, Cristina held
teaching posts at major Australian Universities, and served on the
executive committees of ACM SIGPLAN and IEEE Reverse Engineering. On
weekends she channels her interests into mentoring young programmers
through the CoderDojo network.

( https://labs.oracle.com/people/cristina )