Year after year, software vulnerabilities continue to arise in operating systems and applications. Most of the time, people blame it on the developers. However, one might also argue that, since generations after generations of developers fall into the same traps, another course of action would be to design better programming languages, or at least to better learn the quirks of current languages.
Since 2007, the French Network and Information Security Agency (ANSSI) has conducted several studies (JavaSec and LaFoSec, whose reports in French have been published). Recently, former ANSSI member Eric Jaeger and the speakers further discussed the question of the intrinsic security characteristics of programming languages in an academic paper. Through illustrations and discussions, it advocates for a different vision of well-known mechanisms and is intended to provide some food for thoughts regarding languages and development tools.
Since 2013, we have been presenting "Mind your languages!" in different seminars, gathering new examples in an ever evolving presentation.
Présenté lors de la conférence HES à Paris, France en octobre 2015BibTeX Présentation Vidéo