Language designers and developers want better ways to write good code– languages designed with simpler, more powerful abstractions accessible to a larger community of developers. However, language design does not seem to take into account security, leaving developers with the onerous task of writing attack-proof code. In 20 years, we have gone from 25 reported vulnerabilities to 6,000+ vulnerabilities reported in a year. The top two types of vulnerabilities for the past few years have been known for over 15+ years. I’ll summarise data on vulnerabilities during 2013-2015 and argue that our languages must take security seriously. Languages need security-oriented constructs, and compilers must let developers know when there is a problem with their code. We need to empower developers with the concept of “security for the masses” by making available languages that do not necessarily require an expert in order to determine whether the code being written is vulnerable to attack or not.
Wed 25 Oct
|13:30 - 14:00|
Ben LivshitsImperial College London, UK
|14:00 - 14:30|
Cristina CifuentesOracle Labs
|14:30 - 15:00|
Jean YangCarnegie Mellon University