Some Programming Languages Are More Susceptible to Security Flaws

Veracode has published a new “State of Software Security” report, which confirms what many developers and security experts have long suspected: some programming languages are more susceptible to certain security vulnerabilities than others. For example, C/C++ applications are more likely to have buffer overflow problems. In fact, 48 percent of C/C++ applications submitted to Veracode for analysis had buffer overflow flaws, compared to just 1 percent of .NET applications.

Veracode’s Chris Eng explained, “Languages such as C/C++ are not type safe languages…. In C/C++, the programmer has to keep track of the type and space with no help from the language or compiler, allowing flaws to creep into the software. Languages such as .Net are type safe, so you will see a much lower occurrence of buffer overflow flaws.”

The report also found that the prevalence of SQL injection flaws varied by programming language. For example, 72 percent of ColdFusion applications had SQL injection vulnerabilities, compared to 31 percent of Java applications and 27 percent of PHP applications.
