The problem

Ever since automated information systems have been connected to networks, the so-called "cyber threat" has been known as a major threat to security and business continuity. One of the first worms, the "Morris Worm", destroyed the infrastructure of early Internet e-mail. The cyber threat is not fully understood even by many software industry executives, and the situation in the software user community is worse. A representative of an Asian country recently sabotaged the Google Mail sign-in system by exploiting a vulnerability in the Internet browser used by Google employees. The Asian nation state is also suspected of downloading the complete design schemes of the largest European jet engine manufacturer.

The cyber threat is real and could have serious long-term consequences for those on the "receiving end" of a cyber attack.

The solution

Unfortunately, there is no "silver bullet" solution to this problem. Instead, a holistic solution that includes technology and business processes, user education and security rules should be used to properly secure valuable data. Clear support from the CEO, CIO and CFO is required to achieve this. Financial managers realize that there are strategic business risks which are difficult to quantify from a monetary point of view, but they know that these risks may kill the entire business if left unaddressed. For example, criminal accounting practices by middle-level managers can kill any company, so the CFO has to ensure that accounts are regularly audited by an independent authority. The same kind of effort is needed to secure corporate confidential data against the Internet threat.

This article covers one major aspect of defense against cyber threats. It is important to note that, once again, there is no "silver bullet" to secure a critical software system, but many security flaws today (such as "Buffer Overflow Exploits") can be avoided by simply using a Safe Programming Language. This type of programming language will ensure that low-level cyberattacks are automatically thwarted by the system's infrastructure.

What is "Safe Programming Language"?

As with many topics in information technology, there is no reliable definition of the term. Vendors and consultants bend the term to suit their needs. My definition is simple: a Safe Programming Language (SPL) ensures that the program's runtime (such as the stack, pointers, or device code) cannot be sabotaged due to a programming error. An SPL makes sure the process ends as soon as a low-level error condition is detected. A cyber attacker will not be able to sabotage the program's runtime and inject malware code. The programmer can then examine the "residues" of the terminated process (such as a core file) to analyze and correct the programming error.
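The check that a safe language inserts automatically can be emulated by hand in C. The following is an added example, not code from the original article: a "fat pointer" carries its length with it, every access is validated, and a failed check stops the process. All names (fat_ptr, fat_store, fat_copy, fat_store_or_die, struct session) and the input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fat pointer: the base address travels together with the buffer length. */
typedef struct { unsigned char *base; size_t len; } fat_ptr;

/* Checked store: 0 on success, -1 if the index is outside the buffer. */
int fat_store(fat_ptr p, size_t index, unsigned char value)
{
    if (p.base == NULL || index >= p.len)
        return -1;
    p.base[index] = value;
    return 0;
}

/* Checked copy: refuses the whole copy if it would overrun the destination. */
int fat_copy(fat_ptr dst, const void *src, size_t n)
{
    if (dst.base == NULL || src == NULL || n > dst.len)
        return -1;
    memcpy(dst.base, src, n);
    return 0;
}

/* Safe-runtime behaviour: end the process instead of running on corrupted state. */
void fat_store_or_die(fat_ptr p, size_t index, unsigned char value)
{
    if (fat_store(p, index, value) != 0) {
        fprintf(stderr, "bounds violation: index %zu, length %zu\n", index, p.len);
        abort(); /* may leave a core file where core dumps are enabled */
    }
}

/* Constructed layout: a buffer next to data an overflow would clobber. */
struct session { unsigned char name[8]; int is_admin; };

/* Returns 1 when the overlong input is rejected and is_admin is untouched. */
int demo_overlong_input(void)
{
    struct session s = { {0}, 0 };
    fat_ptr name = { s.name, sizeof s.name };
    const char input[] = "AAAAAAAAAAAA"; /* constructed: 13 bytes with NUL */
    int rc = fat_copy(name, input, sizeof input);
    return (rc == -1 && s.is_admin == 0) ? 1 : 0;
}

int main(void)
{
    printf("overlong input rejected: %d\n", demo_overlong_input());
    return 0;
}
```

In a safe language the compiler and runtime apply this check to every access, so it cannot be forgotten at a single call site as it can in hand-written C.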

Examples of safe programming languages (in alphabetical order): C#, Cyclone, Java, Sappeur, SPARK Ada, Modula-3, and Visual Basic .NET

Examples of unsafe programming languages (in alphabetical order): Ada, assembly language, C, C++, Fortran, Modula-2, (Object-)Pascal

What should I do as a programmer?

When you start a new software development project, select a safe programming language instead of choosing an "industry standard" unsafe language like C or C++. There are high-performance languages like Cyclone, Modula-3 and Sappeur, which can compete with C/C++ in terms of memory requirements and processing time. Don't think you are "one of the few programmers who can write error-free code".

