Language designers and developers want better ways to write good code -- languages designed with simpler, more powerful abstractions accessible to a larger community of developers. However, language design does not seem to take into account security, leaving developers with the onerous task of writing attack-proof code. In 20 years, we have gone from 25 reported vulnerabilities to 6,000+ vulnerabilities reported in a year. The top two types of vulnerabilities for the past few years have been known for over 15+ years.
I'll summarise data on vulnerabilities during 2013-2015 and argue that our languages must take security seriously. Languages need security-oriented constructs, and compilers must let developers know when there is a problem with their code. We need to empower developers with the concept of "security for the masses" by making available languages that do not necessarily require an expert in order to determine whether the code being written is vulnerable to attack or not.
Cristina is the Director of Oracle Labs Australia and an Architect at Oracle. Headquartered in Brisbane, the focus of the Lab is Program Analysis as it applies to finding bugs and vulnerabilities in software and enhancing the productivity of developers worldwide.
Prior to founding Oracle Labs Australia, Cristina was the Principal Investigator of the Parfait bug tracking project at Sun Microsystems, then Oracle. Today, Oracle Parfait has become the defacto tool used by thousands of Oracle developers for bug and vulnerability detection in real-world, commercially-sized C/C++/Java applications.
Prior to her work at Oracle and Sun Microsystems, Cristina held teaching posts at major Australian Universities, and served on the executive committees of ACM SIGPLAN and IEEE Reverse Engineering. On weekends she channels her interests into mentoring young programmers through the CoderDojo network. ( https://labs.oracle.com/people/cristina )
This talk is organized by the Compilers and Languages Group at the Institute of Computer Languages.
Tea at the library of E185/1, Argentinierstr. 8, 4th floor (central) at 10:00.