Comment Re:Since these people still don't get it.... (Score 1) 79
Don't get me wrong: safer programming languages and runtimes definitely help, especially with buffer overflows (thanks C++!), but it's one aspect of many that impact security.
it won't prevent devs from concatenating SQL with user input
You can't do this in, say, Haskell, unless you write your own SQL interface library that builds solely on strings.
Granted, I lost interest in Haskell somewhere around hitting the Functor/Monad point, but if devs can send raw SQL to the database, they will do so.
misusing threading primitives
You can't do this in concurrent safe languages, like Concurrent ML, Rust and Haskell.
Yes, you can.
So basically, safety properties have importance on par with domain requirements, and must be subject to the same rigour that domain features get, i.e. testing, verification, etc.
Good luck spreading that attitude. Makers of device drivers, SCADA, etc., dearly need it.
Basically, the safer the language, in the sense that the more properties can be assured at compile-time, the more features and safety properties you can verify, and the fewer security vulnerabilities.
That helps get us closer, certainly. The language and runtime can help catch/eliminate common, elementary mistakes. It's not the silver bullet though: wherever creative work is being done, therein lies the potential for new vulnerabilities.