Whether due to corporate project demands or out of pure curiosity, developers are often faced with learning new programming languages. While this can present challenges, especially when it comes to maintaining secure coding best practices, it also opens the door for developers to become accustomed to new, and increasingly better, languages.
One language in particular that has quickly become a rising star in today’s software development community is Go, an open-source language developed by Google. Many have heard of Go since its “birth” in 2009 – in fact, according to a new survey from Stack Overflow, Go is now the fifth most popular language among developers due to its simplicity and reliability. And, the fact that it’s one of the highest-paid programming languages certainly doesn’t hurt things either. However, in a 2019 survey that gathered nearly 11,000 responses from Go developers, the majority of respondents (56%) indicated they’re new to the language, having used it for less than two years. Despite having been around for a while, it’s clear that Go still has a long road ahead to reach widespread adoption, especially in corporate environments.
As Go continues its rise, we’ve outlined the top three reasons why we’re Go advocates, so much so that we’re adding enhanced support for the language ourselves, and encourage developers to take the time to learn this easy-to-use language.
1. Go syntax is simple and clean: Go syntax is something between C and Python, with advantages from both languages. It has a garbage collector that is very useful. It does not have objects, but it supports structures (structs) and any type can have a method. It does not support inheritance but does support compositions and interfaces. With Go, developers can have a pointer to a variable, but at same time, don’t have to worry about referring to its methods. It’s statically typed, but it’s non-strict because of the type inference. And last, but certainly not least, Go has a simple, concurrent model.
Digging into Go’s simplicity, but “awesomeness” a bit further:
- Swapping between variable is simple (e.g., b, a = a, b)
- Importing packages directly from GitHub or any other source manager is a breeze (import “github.com/pkg/errors”)
- By starting a Goroutine, it supports concurrent routing (go runConcurrently())
2. Go is efficient and scalable: Thanks to the Go dependency model and its memory management, compilation is very fast when compared to low-level languages, and even more so with high-level languages. Go’s runtime performance is similar to C++ and C, making its performance quite notable. In the context of scaling, Go is much faster than its competitors. For example, when comparing Goroutines to Java threads, Java thread consumes ~2KB, when Java thread consumes ~1MB.
3. Go is widely used and easy to learn: Go is an open source language with wide adoption and a fast-growing community. On the web, there are several free and useful packages and many Q&As, FAQs, and tutorials. In addition, Go Language is very easy to learn. Because of its friendly syntax and the great “Tour of Go” (that takes about two days to complete and covers all the basics developers will need to get started programming in Go), after completing the tour, developers will feel very confident with the language. When starting the language, coding with it will become pretty easy overall. And after about two weeks of using it, it will likely become developers’ preferred/native language.
A reminder not to “go” too fast and think securely when using open source
As easy as Go makes it for developers to start coding, like any other new language, security must be top of mind. Finding Go security discussions, tips, and training can be challenging and the need for secure coding guides and summaries is apparent, since they are often of tremendous value to those starting any new language. With Go’s surge in popularity, it’s imperative that applications developed in the language are designed with security in mind.
Understanding the most common pitfalls is always a good first step. Leveraging application security testing (AST) solutions that support Go can also help ensure that more secure applications are the result. So, what are you waiting for?! Time to get GOing!