Today’s languages do not support our developers in writing secure code for the most common types of vulnerabilities, such as buffer errors, injection attacks, and information leaks. We are exploring secure language concepts and secure abstractions that can be applied in future languages to prevent these vulnerabilities.
The secure language concepts we are exploring need to extend the boundaries across different languages used in cloud applications, as well as extend into the databases used by such applications.
How we meet that challenge
Why not introduce secure language concepts into a multi-lingual, database-backed, memory-safe runtime, while at the same time improve compiler information flow tracking? We are starting to work on enhanced compiler and runtime to support security abstractions in these runtime conditions while we keep track of interoperability across the multiple languages.