“But to help all of my development organizations to scale and support the security, this just doesn’t fly. The goal of the security team is to help the development organizations to embed the security life cycle in their development workflow, rather than providing auditing services for those teams.”
Language as the problem
While adding security tools to the workflow is a popular way to embed security into the development process, some developers have been offering even more drastic solutions to software security woes. One of the big ones, which sounds almost like a joke upon first hearing it, is simply that developers shouldn’t use C.
Gary McGraw, CTO of Cigital, said exactly this. “Mostly, what I advocate is getting rid of C as a programming language,” he said. “It’s important to realize some languages are better than others, and some software security techniques are better than others. Heartbleed was a particularly heinous piece of code, even from the perspective of understanding how it works.”
C’s lack of type safety is the primary security problem when developing in the language: because the compiler and runtime do not check that writes stay within the bounds of a buffer, buffer overflows are common unless the team follows disciplined coding practices and has measures and tests in place to stop such bugs from making it through to production.
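To make the point above concrete, here is an added example (not code from the article, nor from McGraw or Cigital) showing the two shapes a string copy can take in C: the unchecked form that silently trusts its input, and a hardened form that takes the destination capacity as a parameter and refuses input that does not fit. The buffer size and function names are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed fixed-size field, e.g. a record in a struct */

/* The pattern the text warns about: nothing checks that src fits in dst.
 * With a short input this works and every unit test passes; with a longer
 * input C writes past the end of dst, which is undefined behaviour (a crash
 * in the best case, silent corruption of neighbouring memory in the worst). */
static void copy_name_unchecked(char dst[NAME_MAX], const char *src) {
    strcpy(dst, src);
}

/* Hardened form: the caller passes the destination capacity, the length is
 * measured without reading past that capacity, and an input that would not
 * leave room for the terminating NUL is rejected rather than truncated
 * silently. Returns true only when dst holds a complete copy of src. */
static bool copy_name_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0) {
        return false;
    }
    size_t n = 0;
    while (n < dst_size && src[n] != '\0') {   /* bounded scan, never beyond dst_size */
        n++;
    }
    if (n == dst_size) {                       /* no room for the NUL terminator */
        dst[0] = '\0';                         /* leave dst in a defined state */
        return false;
    }
    memcpy(dst, src, n + 1);                   /* n bytes plus the NUL */
    return true;
}

/* Wrapper mirroring a typical call site: 1 if the name was stored, 0 if it
 * was rejected because it would have overflowed the fixed-size field. */
int try_store_name(const char *input) {
    char name[NAME_MAX];
    return copy_name_checked(name, sizeof name, input) ? 1 : 0;
}

int main(void) {
    char field[NAME_MAX];

    /* Benign input: the unchecked copy looks fine, which is exactly why the
     * defect survives testing that only uses well-formed data. */
    copy_name_unchecked(field, "alice");
    printf("unchecked copy of short input: %s\n", field);

    /* Constructed inputs: 15 characters fit (15 + NUL == 16), 16 do not. */
    printf("15-char name stored: %d\n", try_store_name("123456789012345"));
    printf("16-char name stored: %d\n", try_store_name("1234567890123456"));
    return 0;
}
```

The design choice worth noting is that `copy_name_checked` never consults `strlen(src)`: an unterminated or attacker-controlled `src` could make `strlen` itself read out of bounds, so the scan is capped at the destination size and the failure path leaves the buffer terminated.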
McGraw said he’s been advocating for abstinence from C for many years, and that only recently have other developers begun to take the idea seriously.
“I went to Bell Labs where I gave a talk in the year 2000,” he said. “During the talk, I would always get the audience to chant along ‘C is bad!’ I was sitting there with Dennis Ritchie, who invented C, in the front row. It took a while before he nodded his head and everyone started chanting. It’s an issue that really science researchers and academics and programming languages people have paid more attention to than development managers. It’s high time development managers think about programming language choices.”
McGraw said that C can be avoided in modern environments, and particularly on the Web. “The main thing is that if there’s a modern approach, with a modern language, and the trade-offs make sense, you should adopt that. With great power comes great responsibility; in some cases you do have to use C or you might even have to use assembly, but not in most cases,” he said.
Language as the answer
If choosing a new language is the approach your team favors, there are a lot of options. Ada, in particular, is designed to minimize security and fault risks, and as such is an example of a programming language that can help minimize the problems faced when an application makes it out into the wild.
Robert Dewar, AdaCore’s CEO and cofounder, said that Ada’s use in mission-critical systems, like avionics controls, has turned it into a language that can be trusted, provided your developers are serious about security when they write their code.