TU Wien Informatics

20 Years

“It’s Time for Secure Languages”

  • 2017-02-23
  • Research

Empowering developers with the concept of “security for the masses” do not necessarily require an expert in order to determine the code’s vulnerability.

Abstract

Language designers and developers want better ways to write good code – languages designed with simpler, more powerful abstractions accessible to a larger community of developers. However, language design does not seem to take into account security, leaving developers with the onerous task of writing attack-proof code. In 20 years, we have gone from 25 reported vulnerabilities to 6,000+ vulnerabilities reported in a year. The top two types of vulnerabilities for the past few years have been known for over 15+ years.

I’ll summarise data on vulnerabilities during 2013-2015 and argue that our languages must take security seriously. Languages need security-oriented constructs, and compilers must let developers know when there is a problem with their code. We need to empower developers with the concept of “security for the masses” by making available languages that do not necessarily require an expert in order to determine whether the code being written is vulnerable to attack or not.

Biography

Cristina is the Director of Oracle Labs Australia and an Architect at Oracle. Headquartered in Brisbane, the focus of the Lab is Program Analysis as it applies to finding bugs and vulnerabilities in software and enhancing the productivity of developers worldwide.

Prior to founding Oracle Labs Australia, Cristina was the Principal Investigator of the Parfait bug tracking project at Sun Microsystems, then Oracle. Today, Oracle Parfait has become the defacto tool used by thousands of Oracle developers for bug and vulnerability detection in real-world, commercially-sized C/C++/Java applications.

Prior to her work at Oracle and Sun Microsystems, Cristina held teaching posts at major Australian Universities, and served on the executive committees of ACM SIGPLAN and IEEE Reverse Engineering. On weekends she channels her interests into mentoring young programmers through the CoderDojo network. ( https://labs.oracle.com/people/cristina )

Note

This talk is organized by the Compilers and Languages Group at the Institute of Computer Languages. Tea at the library of E185/1, Argentinierstr. 8, 4th floor (central) at 10:00.

Speakers

Curious about our other news? Subscribe to our news feed, calendar, or newsletter, or follow us on social media.

Note: This is one of the thousands of items we imported from the old website. We’re in the process of reviewing each and every one, but if you notice something strange about this particular one, please let us know. — Thanks!