When using a piece of software you are sure to have experienced a bug. No? Think of your Twitter or Uber app, has it ever done something that you know it really shouldn’t or didn’t do previously? Yes? Then you have definitely experienced a bug. This is a small scale issue but some bugs can have detrimental effects especially when it comes to security. This post will take a closer look at the impact the type of programming language can have on cloud based software security.
What is a bug?
Techopedia describes a software bug as 'a problem causing a program to crash or produce invalid output. The problem is caused by insufficient or erroneous logic. A bug can be an error, mistake, defect or fault, which may cause failure or deviation from expected results.' In simple terms a bug is an issue or error that causes a software program or system to behave in an incorrect or unexpected way.
Software is complex and the programming language behind it extremely detailed. With anything complicated there is always room for error whether it be big or small. The most serious of errors could be said to be a security bug also know as a security vulnerability which is a weakness that increases the likelood of hacking success.
Impacts of security bugs
Throughout history there have been huge repercussions caused by security vulnerabilities resulting in issues for both organisations and the public. An example of this is the Heartbleed Bug which was publicised in 2014 following the revelation that the security vulnerability may have been allowing hackers to expose personal details and passwords for at least 2 years.
Bruce Schneier, a security expert remarked that the incident was an 11 on a scale of 1 to 10.
The bug was found in OpenSSL, a piece of open source software written in C designed to encrypt communications between a user's computer and a web server. In turn around half a million sites were impacted and rendered insecure.
Types of programming languages
There are many, many different kinds of programming languages out there. Similarly to human languages, programming languages are created by humans and therefore have different ways of saying the same things. However there are also much larger in-depth technical differences between the languages which is why one language may be chosen over another as well reasons including the availability of skilled developers.
Veracode recently published a report after studying a number of popular languages. The report examined over 50,000 applications in languages including PHP, Classic ASP, .NET, Java, JavaScript, Ruby, ColdFusion, and COBOL.
The worst programming languages
- 86% of applications written in PHP revealed, at least, one cross-site scripting (XSS) vulnerability
- 64% of applications that were written in ColdFusion and Classic ASP showed, at least, one bug
- Findings from OWASP (a non-for-profit organisation to improve software security) test results showed that ColdFusion, PHP, and Classic ASP are the worst languages in terms of software security
The best programming languages
- .NET and Java were the two safest programming languages and also the most widely used
- .NET is favoured by industries such as Government and Healthcare whereas Java is favoured by the Manufacturing and Technology industries
Conclusion
In an age of increasing security consciousness it would be certainly considered wise to allow software programming language to influence your decision on selecting a cloud based software solution. This is especially relevant when selecting a business critical system such as a CRM or LMS. Consider the impact that a security incident could have on your operations.
accessplanit's cloud based training management system is written under the .NET framework which is considered one of the best languages in terms of security incidents while PHP, Classic ASP and ColdFusion were found to be the worst.
Other articles you might find interesting include:
Software Jargon Simplified: TMS, CRM, LMS, SaaA, ERP, CMS
