Home → News → New Nsa-Funded Programming Language Could Close Long... → Full Text

New Nsa-Funded Programming Language Could Close Long-Standing Security Holes

By CSO Online

September 18, 2014

[article image]

Steve McConnell, author of "Code Complete," says when software development projects exceed 512,000 lines of code, there is a chance four to 100 coding errors will occur per 1,000 lines of code. Such errors create software vulnerabilities that criminal hackers can use to enter and attack an enterprise.

The U.S. National Security Agency-funded Wyvern programming language from Carnegie Mellon University (CMU) seeks to limit coding errors via the secure use of five programming languages inside the host language, says CMU professor Jonathan Aldrich. He serves as research leader for the group behind the Wyvern project.

Aldrich says programmers can import existing languages or languages they create into Wyvern and use it with other languages. Moreover, associating domain-specific notation with the type ensures the compiler knows what the intended language is.

Wyvern project developers also plan to add architectural control as a feature of the language.

However, Wyvern itself could be vulnerable to attack, warns Secure Channels' Robert Coleridge. He says Wyvern is a meta-language rather than a true programming language that wants to enable people to use different languages. "With anything that flexible, it could be easy to slip malware and viruses into it," Coleridge says.

From CSO Online
View Full Article


Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA


No entries found