Every developer has their own preferences when it comes to a favorite programming language. Frankly speaking, there is no official term such as ‘most secure language’. But the latest survey conducted by WhiteSource has revealed some important security aspects of different programming languages.
How to Measure Security of a Programming Language?
Most Secure Programming Languages
As per the survey, Ruby has the lowest number of security vulnerabilities and so can be considered the most secure programming language. In terms of CWEs, the most common is XSS, but other CWEs were also found, such as CWE-20, CWE-200, CWE-264 and CWE-284. On average, severe vulnerabilities accounted for only 19% in Ruby over the past five years.
C++ also counts among the secure programming languages. In the last five years, high severity vulnerabilities were 36% on average, but the number of vulnerabilities found is quite low. As per the report, only two vulnerabilities were found in this language: Buffer Errors (CWE-119) and Validation Issues (CWE-20).
There was a time when Python reached a peak in terms of vulnerabilities, but it has since improved a lot. Input Validation (CWE-20), Permissions, Privileges and Access Control (CWE-264), Information Leak/Disclosure (CWE-200) and Cross-Site Scripting (CWE-79) are some of the dominant vulnerabilities in Python. This language has the lowest share of high severity vulnerabilities (15% on average) in the last five years.
Java, another popular language, has also seen a constant rise in the number of vulnerabilities since 2016. If you look at the stats, they nearly doubled in 2018 compared to 2017. High severity vulnerabilities were 19% on average in the last five years and have been decreasing since 2015.
PHP has the largest number of vulnerabilities among all the languages. It is the only language with the SQL Injection (CWE-89) vulnerability, which had been rising in 2017 and 2018. Another common vulnerability associated with PHP is Cross-Site Scripting (CWE-79). High severity vulnerabilities over the last five years averaged 16%, staying quite consistent after a sharp decline in 2017.
C, being the mother of all programming languages, accounts for more than 50% of all the reported open source vulnerabilities since 2019. Besides vulnerabilities, it also has a high number of memory corruption issues like Buffer Errors (CWE-119). High severity vulnerabilities in the last five years were 26% on average, with a notable spike in 2017.
I hope you found this list useful and will now also look at programming languages from a security perspective. However, I suggest you do not chase after the most secure language; instead, focus on how to write code in the most secure way in your own preferred language.