Safer and More Vulnerable Programming Languages

Today we live in a world of insecurity and lack of privacy. From the operating systems themselves to the programs we use every day, it is very common to find all kinds of vulnerabilities that can jeopardize our security. But whose fault are these security flaws? The developers'? The programming languages'? Are there safe and insecure programming languages? Or are both parties really to blame?

Today's operating systems and programs are really complex projects. The slightest mistake in one of the hundreds of libraries can make our program put users at risk. All programming languages are, by default, safe: if we use them well, they do not have to put users at risk. That said, some languages are much more prone to failures (due to mishaps, complexity or lack of security measures) that can lead to vulnerabilities of all kinds.

Safer programming languages

Of the most widely used programming languages, the one with the fewest vulnerabilities is Ruby. Only 5% of vulnerabilities affect this language. Broadly speaking, it is also one of the most secure and robust languages: although several vulnerabilities have been reported in it, the only really worrying one is the possibility of carrying out XSS attacks. If one had to recommend the safest programming language, this would be the ideal candidate for the title.

C++ is another of the programming languages with the fewest vulnerabilities, with only 6% of vulnerable code. However, it is not exactly one of the most polished, as it has a large number of memory corruption problems and buffer errors that can lead to more complex attacks.

Continuing the list of safe programming languages with fewer vulnerabilities, we come to Python. In the past, this language was one of the worst in terms of security. However, in recent years it has improved a lot and has addressed most of the problems that affected it in the past. Of course, it still has the most critical vulnerabilities that we can find today, such as lack of input validation, privilege escalation, information leakage and XSS. If we know how to program in Python, we can have a robust program. But if we program badly, we will have a sieve, literally.

JavaScript also deserves a special mention. It is also widely used in web development and accounts for only 11% of vulnerabilities. Among its main weaknesses are cryptographic problems, which force us to use third-party APIs to solve them.

Languages with more vulnerabilities

On the other hand, among the most vulnerable programming languages, the first we find is C. This is to be expected, since it is one of the languages in which the most code has been written (especially old code), so the probability of vulnerabilities being discovered in that code is very high. Of the total vulnerabilities found, 47% are in code written in this language. However, only two kinds of bug specific to the language itself have been found: a buffer error and various validation problems.

PHP is one of the most used languages in web (backend) programming and, therefore, one of the most attractive to attackers. It is the second programming language with the most vulnerabilities (17% of the total), and what is most striking is that it is the only language that has critical vulnerabilities such as SQL injection, and it can also be exploited through XSS. These are two vulnerabilities that are heavily exploited across the network and difficult to eradicate.

And of course we could not finish without talking about Java. This cross-platform programming language, so widely used a few years ago, is also one of those hiding the most vulnerabilities, due to its complexity. 12% of vulnerabilities are found in this language, which, although it has lost quite a lot of popularity lately, is still one of the fundamental pillars of Android.

Code reuse: advantage or risk?

Today a large amount of open source code can be found on platforms such as GitHub. Depending on its license, this code can be freely reused in other projects, which can save us a great deal of time when building our programs. However, code reuse hides one of open source's biggest problems: vulnerabilities.

It is very common for all kinds of developers, including large companies like Microsoft or Google, to rely on open libraries to bring certain functions and features to users. So far so good, since it also adds a bit of transparency to the otherwise opaque projects that these companies usually create. However, we must bear in mind a very important drawback: a vulnerability in an open source library automatically jeopardizes all projects that use it.

We have already seen major vulnerabilities (as with OpenSSL) that have put the security of thousands of programs and platforms around the world at risk. Furthermore, when a vulnerability of this type is discovered, two things must happen: the developer of the original project has to update the library, and the developers of the vulnerable programs have to ship the new version in their own programs through an update.
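The propagation and two-step remediation described above, as an added example that is not part of the original article: it walks a dependency graph backwards from a vulnerable library to every package that pulls it in, directly or transitively. All package names, versions and the advisory are constructed for illustration, and versions are assumed to be purely numeric.

```python
from collections import deque

# Constructed lock data: package -> (pinned version, direct dependencies).
LOCK = {
    "shop-frontend": ("3.2.0", ["http-client", "templating"]),
    "billing-api": ("1.4.1", ["http-client"]),
    "report-tool": ("0.9.0", ["templating"]),
    "http-client": ("2.1.0", ["tls-lib"]),
    "templating": ("5.0.3", []),
    "tls-lib": ("1.0.1", []),
}
# Constructed advisory: library -> first release that contains the fix.
ADVISORIES = {"tls-lib": "1.0.2"}


def parse_version(text):
    """Assumes purely numeric dotted versions such as '1.0.2'."""
    return tuple(int(part) for part in text.split("."))


def vulnerable_libraries(lock, advisories):
    """Libraries still pinned below the first fixed release."""
    return {name for name, fixed in advisories.items()
            if name in lock and parse_version(lock[name][0]) < parse_version(fixed)}


def exposure_paths(lock, advisories):
    """Map every affected package to the shortest path to a vulnerable library."""
    dependents = {}  # reverse edges: library -> packages that use it directly
    for name, (_, deps) in lock.items():
        for dep in deps:
            dependents.setdefault(dep, []).append(name)
    paths = {}
    queue = deque((lib, [lib]) for lib in sorted(vulnerable_libraries(lock, advisories)))
    while queue:
        current, path = queue.popleft()
        for parent in dependents.get(current, []):
            if parent not in paths:  # first visit is the shortest path; also stops cycles
                paths[parent] = [parent] + path
                queue.append((parent, paths[parent]))
    return paths


if __name__ == "__main__":
    for package, path in sorted(exposure_paths(LOCK, ADVISORIES).items()):
        print(f"{package} {LOCK[package][0]}: exposed via {' -> '.join(path)}")
    # Step 2 of remediation: the downstream lock picks up the fixed release.
    patched = dict(LOCK, **{"tls-lib": ("1.0.2", [])})
    print("after update:", exposure_paths(patched, ADVISORIES))
```

Packages that never declare the vulnerable library themselves still show up, which is why the upstream fix alone does not close the exposure until each downstream lock is updated.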

Code reuse is one of the characteristics of modern programs and systems. But we should never become complacent, since the probability of a vulnerability appearing in the code we have reused is much higher than if we had written the code ourselves.