How to Measure the Security of a Programming Language?
To check for vulnerabilities in any language, it's crucial to consider various factors such as buffer overflow vulnerabilities, the Common Weakness Enumeration (CWE), the Heartbleed bug, etc. The survey covered seven of the most popular programming languages: PHP, Python, Java, Ruby, JavaScript, C and C++. Its authors also pulled their information from various databases such as security advisories, GitHub issue trackers, the National Vulnerability Database, etc.
Most Secure Programming Languages
Ruby
As per the survey, Ruby has the fewest security vulnerabilities and so can be considered the most secure programming language. In terms of CWEs, the most common is XSS, but other CWEs were also found, such as CWE-20, CWE-200, CWE-264 and CWE-284. On average, only 19% of Ruby's vulnerabilities in the past five years were severe.
C++
C++ also counts among the secure programming languages. Over the last five years, high-severity vulnerabilities are 36% on average, but the number of vulnerabilities found is quite low. As per the report, only two vulnerabilities were found in this language: Buffer Errors (CWE-119) and Validation Issues (CWE-20).
Python
There was a time when Python reached a peak in terms of vulnerabilities, but it has improved a lot since. Input Validation (CWE-20), Permissions, Privileges and Access Control (CWE-264), Information Leak/Disclosure (CWE-200) and Cross-Site Scripting (CWE-79) are some of the dominant vulnerabilities in Python. This language has the lowest share of high-severity vulnerabilities over the last five years (15% on average).
JavaScript
Being one of the most popular programming languages, JavaScript saw a continuous increase in the number of vulnerabilities over the last ten years. High-severity vulnerabilities are 31% on average over the last five years. The most common CWEs in JavaScript are Path Traversal (CWE-22) and Cryptographic Issues (CWE-310).
Java
Java, another popular language, has also faced a constant rise in the number of vulnerabilities since 2016. According to the stats, they nearly doubled in 2018 compared to 2017. High-severity vulnerabilities are 19% on average over the last five years, a share that has been decreasing since 2015.
PHP
PHP has the largest number of vulnerabilities among all the languages. It's the only language with SQL Injection (CWE-89) vulnerabilities, which were rising in 2017 and 2018. Another common vulnerability associated with PHP is Cross-Site Scripting (CWE-79). High-severity vulnerabilities over the last five years are 16% on average, quite consistent after a sharp decline in 2017.
C
C, being the mother of all programming languages, accounts for more than 50% of all the reported open source vulnerabilities since 2019. Besides vulnerabilities, it also has a high number of memory corruption issues like Buffer Errors (CWE-119). High-severity vulnerabilities over the last five years are 26% on average, including a notable spike in 2017.
Final Words
I hope you found this list useful and will now also look at programming languages from the security aspect. However, I suggest you do not run after the most secure language; instead, focus on how to write code in the most secure way in your own preferred language.