Communications of the ACM

ACM TechNews

New NSA-Funded Programming Language Could Close Long-Standing Security Holes



An author says software development projects exceeding 512,000 lines of code should expect four to 100 coding errors per 1,000 lines of code. Those errors create opportunities for criminal hackers to enter and attack an enterprise.

Credit: Paul Downey

Steve McConnell, author of "Code Complete," says when software development projects exceed 512,000 lines of code, there is a chance four to 100 coding errors will occur per 1,000 lines of code. Such errors create software vulnerabilities that criminal hackers can use to enter and attack an enterprise.

The U.S. National Security Agency-funded Wyvern programming language from Carnegie Mellon University (CMU) seeks to limit coding errors via the secure use of five programming languages inside the host language, says CMU professor Jonathan Aldrich. He serves as research leader for the group behind the Wyvern project.

Aldrich says programmers can import existing languages or languages they create into Wyvern and use it with other languages. Moreover, associating domain-specific notation with the type ensures the compiler knows what the intended language is.

Wyvern project developers also plan to add architectural control as a feature of the language.

However, Wyvern itself could be vulnerable to attack, warns Secure Channels' Robert Coleridge. He says Wyvern is a meta-language, rather than a true programming language, that is meant to enable people to use different languages. "With anything that flexible, it could be easy to slip malware and viruses into it," Coleridge says.

From CSO Online

Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA