
Communications of the ACM

ACM TechNews

The Real Software Security Problem Is Us

If we want our systems to have fewer vulnerabilities, we need to use better building materials, says Carnegie Mellon University professor Jean Yang.

Says Carnegie Mellon University professor Jean Yang, "The only reason our online life is insecure is that we let it happen."


There are simple steps that can be taken to make software more secure and resilient, writes Carnegie Mellon University professor Jean Yang.

She says the main problem underlying the security and other failures of modern software is the programming languages used to create it. Many of the most common programming languages are old or derive from much older code, and Yang believes they are not up to the task of building the efficient, secure software needed today. She says the most common languages make it too easy to introduce mistakes and too difficult to detect those mistakes once they've been made.

Yang says developers need new, purpose-built programming languages that will provide security-enhancing functions such as the ability to manage memory automatically so bugs such as Heartbleed will not crop up. She points to the Hack and Flow languages created by Facebook as an example.

However, Yang says software users will have to demand these changes before software makers decide to pursue them. "To make that happen, we all need to value technical soundness over novelty," she writes. "It's up to us to make online life as safe as it is enjoyable."

From Technology Review


Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA

