Unsafe Impedance: Safe Languages and Safe by Design Software

arXiv - CS - Programming Languages Pub Date : 2024-07-17 DOI:arxiv-2407.13046

Lee Barney, Adolfo Neto

{"title":"Unsafe Impedance: Safe Languages and Safe by Design Software","authors":"Lee Barney, Adolfo Neto","doi":"arxiv-2407.13046","DOIUrl":null,"url":null,"abstract":"In December 2023, security agencies from five countries in North America,\nEurope, and the south Pacific produced a document encouraging senior executives\nin all software producing organizations to take responsibility for and\noversight of the security of the software their organizations produce. In\nFebruary 2024, the White House released a cybersecurity outline, highlighting\nthe December document. In this work we review the safe languages listed in\nthese documents, and compare the safety of those languages with Erlang and\nElixir, two BEAM languages. These security agencies' declaration of some languages as safe is necessary\nbut insufficient to make wise decisions regarding what language to use when\ncreating code. We propose an additional way of looking at languages and the\nease with which unsafe code can be written and used. We call this new\nperspective \\em{unsafe impedance}. We then go on to use unsafe impedance to\nexamine nine languages that are considered to be safe. Finally, we suggest that\nbusiness processes include what we refer to as an Unsafe Acceptance Process.\nThis Unsafe Acceptance Process can be used as part of the memory safe roadmaps\nsuggested by these agencies. Unsafe Acceptance Processes can aid organizations\nin their production of safe by design software.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-07-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Programming Languages","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2407.13046","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

In December 2023, security agencies from five countries in North America, Europe, and the south Pacific produced a document encouraging senior executives in all software producing organizations to take responsibility for and oversight of the security of the software their organizations produce. In February 2024, the White House released a cybersecurity outline, highlighting the December document. In this work we review the safe languages listed in these documents, and compare the safety of those languages with Erlang and Elixir, two BEAM languages. These security agencies' declaration of some languages as safe is necessary but insufficient to make wise decisions regarding what language to use when creating code. We propose an additional way of looking at languages and the ease with which unsafe code can be written and used. We call this new perspective \em{unsafe impedance}. We then go on to use unsafe impedance to examine nine languages that are considered to be safe. Finally, we suggest that business processes include what we refer to as an Unsafe Acceptance Process. This Unsafe Acceptance Process can be used as part of the memory safe roadmaps suggested by these agencies. Unsafe Acceptance Processes can aid organizations in their production of safe by design software.

查看原文本刊更多论文

不安全的阻抗：安全语言和安全设计软件

2023 年 12 月，来自北美、欧洲和南太平洋五个国家的安全机构编制了一份文件，鼓励所有软件生产组织的高级管理人员对其组织生产的软件的安全性负责和监督。2024 年 2 月，白宫发布了一份网络安全纲要，强调了 12 月份的文件。在这项工作中，我们回顾了这些文件中列出的安全语言，并将这些语言的安全性与 Erlang 和Elixir 这两种 BEAM 语言进行了比较。这些安全机构将某些语言宣布为安全语言是必要的，但不足以让我们在创建代码时明智地决定使用哪种语言。我们提出了另一种看待语言的方法，以及编写和使用不安全代码的可能性。我们将这种新视角称为 "不安全阻抗"。然后，我们将使用不安全阻抗来考察九种被认为是安全的语言。最后，我们建议业务流程包含我们称之为 "不安全验收流程 "的内容。"不安全验收流程 "可作为这些机构建议的内存安全路线图的一部分。不安全验收流程可以帮助企业生产安全的设计软件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv - CS - Programming Languages

自引率

0.00%

发文量