On Sun, May 04, 2014 at 09:24:08AM +0200, Cecil Westerhof wrote:
> I heard the stand that functional programming made it difficult to
> write secure programs. I do not know enough of functional
> programming yet to determine the value of a statement like this.
> What is the take here about it?
It would be interesting to hear WHY functional programming would yield less secure programs. What would then be the paradigm that results in the most security? Imperative, logical?

Here is my take on it:

It's widely acknowledged that writing secure programs is difficult. I'd even go as far as saying that it's an inherently complex problem in real-life applications. And as Brooks tells us, if we reduce incidental complexity we can concentrate on the inherent complexity. That would point us in the direction of high-level languages that dispense with distractions like memory management.[^1]

Many programs worth writing become large, and size is in itself a contributor to complexity. So expressive languages will arguably aid in reducing the size of the code.

Security and correctness are related, and arguing about correctness in the face of shared state is tough, so even though Strachey tells us we can get referential transparency in imperative languages, it is my experience that very few developers write imperative code with shared state that is easy to argue about. That means we want immutability as deeply rooted in the language as possible.

I think this all adds up to pure functional languages being an excellent choice if you want to write secure code.

There are of course exceptions, e.g. in some very specialised applications you need to have extremely fine control over how the computation is carried out. In these cases you'll need languages that have a computational model that is closer to the CPU (i.e. imperative). Of course you'll restrict the use of that language to the "primitives" that require it and then make the jump to a higher-level language as soon as possible.

/M

[^1]: In a reverse-engineering course Halvar Flake told us that the first thing he looks for when starting to analyse an application is the memory management. If the developers have decided to roll their own memory management, it's almost certain there's a security bug in there somewhere.
-- 
Magnus Therning                      OpenPGP: 0xAB4DFBA4
email: mag...@therning.org   jabber: mag...@therning.org
twitter: magthe               http://therning.org/magnus

Heuristic is an algorithm in a clown suit. It’s less predictable, it’s more fun, and it comes without a 30-day, money-back guarantee.
     -- Steve McConnell, Code Complete
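The point above about shared state being hard to argue about, illustrated with an added example that is not code from the thread or from its author. Python is used rather than Haskell only because it lets the mutable and the immutable version run side by side; the users, the permission sets and the "elevated request" workflow are constructed for this illustration. The imperative version passes the caller's permission set around by reference and a helper updates it in place, so a one-off elevation silently becomes permanent; the value-based version returns a new permission set from the same inputs and the shared table is never touched.

```python
"""Shared mutable state vs. immutable values in an authorisation check.

Added illustration, not code from the mailing-list thread. The users,
permissions and the 'elevated request' workflow are constructed for it.
"""
from typing import Dict, FrozenSet, Set, Tuple


def fresh_base() -> Dict[str, Set[str]]:
    """Constructed sample data: each user's baseline permissions (mutable sets)."""
    return {"alice": {"read"}, "bob": {"read"}}


# --- Imperative style: the permission set is shared and updated in place ----

def elevate_mutable(perms: Set[str], extra: Set[str]) -> Set[str]:
    """'Temporarily' grant extra permissions.

    The signature looks harmless, but `|=` updates the very set the caller
    passed in, and that set is the one stored in the shared table. Nothing
    at the call site reveals that the table now holds the extra permission.
    """
    perms |= extra
    return perms


def handle_request_mutable(base: Dict[str, Set[str]], user: str,
                           action: str, elevated: bool) -> bool:
    perms = base[user]                      # an alias of the shared set
    if elevated:
        perms = elevate_mutable(perms, {"write"})
    return action in perms


def scenario_mutable() -> Tuple[bool, bool]:
    """Two requests by the same user: one elevated, then one ordinary.

    Returns (first_allowed, second_allowed). The second should be False,
    but the elevation from the first request has leaked into the table.
    """
    base = fresh_base()
    first = handle_request_mutable(base, "alice", "write", elevated=True)
    second = handle_request_mutable(base, "alice", "write", elevated=False)
    return first, second


# --- Value style: permissions are immutable; 'elevating' yields a new value --

def freeze(base: Dict[str, Set[str]]) -> Dict[str, FrozenSet[str]]:
    """Copy the table into frozensets so no caller can change an entry in place."""
    return {user: frozenset(perms) for user, perms in base.items()}


def elevate_pure(perms: FrozenSet[str], extra: FrozenSet[str]) -> FrozenSet[str]:
    """Return a new permission set; the input is never modified.

    The result depends only on the arguments (referentially transparent),
    so the reach of the grant is exactly the scope of the returned value.
    """
    return perms | extra


def handle_request_pure(base: Dict[str, FrozenSet[str]], user: str,
                        action: str, elevated: bool) -> bool:
    perms = base[user]
    if elevated:
        perms = elevate_pure(perms, frozenset({"write"}))   # rebinds a local only
    return action in perms


def scenario_pure() -> Tuple[bool, bool]:
    """Same two requests against the immutable table: (True, False)."""
    base = freeze(fresh_base())
    first = handle_request_pure(base, "alice", "write", elevated=True)
    second = handle_request_pure(base, "alice", "write", elevated=False)
    return first, second


if __name__ == "__main__":
    print("mutable table  :", scenario_mutable())   # (True, True)  leaked grant
    print("immutable table:", scenario_pure())      # (True, False)
```

Two things are worth noting. First, the bug in `elevate_mutable` is invisible in its type: `Set[str] -> Set[str]` says nothing about the side effect, which is exactly why code with shared state is hard to argue about from the outside. In Haskell the same function could not mutate its argument at all unless its type named a mutable cell (an `IORef` or `STRef`), which is what "immutability rooted in the language" buys you. Second, the value-based version survives even a careless copy of the in-place idiom: `perms |= extra` on a `frozenset` has no in-place form, so Python evaluates `perms | extra` and rebinds the local name, and the shared table stays as it was.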