Requirements for a Secure Programming Language (R):
- No buffer overflows
- Strongly typed language including integrated secure datatypes like Email addresses, IP addresses
- Secure Database interface (not directly SQL!)
- Easier to correctly verify parameters for complex datatypes (like email addresses, ...) than not to verify them correctly
- Easier to develop secure code than to develop insecure code
- Makes possibly insecure code VISIBLE by UPPERCASE
- Usable for web applications, daemons, standalone applications, ...
- No insecure exception handling (see C++, where anything can throw any exception, which breaks the interface specification without being documented)
- Not using insecure linking (if possible not using linking at all)
- Tainting mode (see Perl)
- Secure ABI (see how "const" parameters are included in the C++ ABI, and how linkers care about it)
- No self-modifying code
- No dynamic loading of code
- Static linking possible
Optional features (O):
- Object oriented (but CLEAN object orientation, not C++ style)
- Easy to learn, easy to read
- Available both as a compiled and as an interpreted language
- Realtime capability
- More than 1% market share in at least one area
Possible options:
ADA
- Market share?
E
- Market share?
Python
- Spaces change the semantics of the code, and can too easily break the code.
Smalltalk
- Market Share?
Perl
- Depends on the developer
Pascal
Less considered options:
Java
- does not meet some of the criteria (see R6, R13, R14), although GNU Java can be compiled
- has a wide programmer audience, but also has its bunch of lazy programmers, prone to insecure programming
- will be released with an "open" license in Java JDK 6 (statement to be completed)