Building secure software: Your language matters!

Military Embedded Systems — December 1, 2006

Feature / Discussion: Winter 2006

Producing secure systems requires advance planning: You have to design security in from the start, rather than reactively patch software in response to vulnerability reports. This “security up front” approach demands programming languages that help prevent bugs and insecurities from being introduced into software in the first place, static analysis tools that catch errors early, and development techniques that can provide confidence in the correctness of the resulting system. The Ada and SPARK languages satisfy these requirements more easily than alternatives such as C, C++, and Java, and SPARK has advanced the state of the practice with its rigorous proof-based approach to system security verification.
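As an added illustration of the proof-based approach the abstract refers to (this is example code written for this page, not code from the article or from the SPARK toolset), the following package shows how a bounded copy is written in SPARK so that the absence of buffer overflow is verified statically rather than tested for at runtime. The package name, the 64-character buffer size and the procedure name are assumptions chosen for the example; the contract aspects (Pre, Post, Loop_Invariant) are standard SPARK 2014 constructs.

```ada
-- Example package (not from the article): a bounded string copy whose
-- freedom from index and overflow errors is proved by GNATprove rather
-- than checked at runtime. The precondition is part of the interface, so a
-- caller that cannot show Src fits in the buffer fails to prove, instead of
-- shipping a latent overflow as an unchecked memcpy in C would.
package Safe_Buffer with SPARK_Mode is

   -- Constructed fixed-size buffer type; 64 is an assumed size.
   subtype Index  is Positive range 1 .. 64;
   type    Buffer is array (Index) of Character;

   -- Copy Src into Dst. The Pre aspect states the only condition under which
   -- the copy is memory-safe; the Post aspect states what the caller may
   -- rely on afterwards. Both are proved, not merely documented.
   procedure Copy (Src : in String; Dst : out Buffer; Len : out Natural)
     with
       Pre  => Src'Length <= Buffer'Length,
       Post => Len = Src'Length
               and then (for all I in 1 .. Len =>
                           Dst (I) = Src (Src'First + (I - 1)));

end Safe_Buffer;

package body Safe_Buffer with SPARK_Mode is

   procedure Copy (Src : in String; Dst : out Buffer; Len : out Natural) is
   begin
      -- Initialise the whole buffer so flow analysis sees Dst fully defined
      -- on every path, including the Src'Length = 0 case.
      Dst := (others => ASCII.NUL);
      Len := Src'Length;

      for I in 1 .. Len loop
         -- Index check on Dst (I): I <= Len <= Buffer'Length by Pre.
         -- Index check on Src: Src'First + (I - 1) <= Src'Last because I <= Len.
         Dst (I) := Src (Src'First + (I - 1));

         -- Loop invariant lets the prover establish the Post aspect by
         -- induction over the prefix copied so far.
         pragma Loop_Invariant
           (for all J in 1 .. I => Dst (J) = Src (Src'First + (J - 1)));
      end loop;
   end Copy;

end Safe_Buffer;
```

Running `gnatprove` on this unit in proof mode discharges the index and range checks in `Copy` and the postcondition from the precondition and loop invariant; the same contract then obliges every caller to prove `Src'Length <= 64` at the call site. That is the practical meaning of “security up front” in the abstract: the bounds condition is a checked part of the interface, and a violation is a failed proof during development rather than a vulnerability report after deployment.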
