Follow

Should all critical cyber infrastructure be written in languages that seek to guarantee safety, such as Haskell or Rust?

@johnabs depends on your def of safety. and "cyber infrastructure". also, maybe they "seek" it, but do they "find" safety?

@2ck
Well

Safety as in: highly resistant to malicious attacks or critical runtime bugs.

Cyber infrastructure: "systems that control the backbone of modern society such as electrical grid load balancers, banking transfer networks, etc."

Of course safety isn't ever guaranteed; however, it seems to me that many existing systems are reliant on legacy, non auditable code which could be exploited by increasingly sophisticated methods. Ukraine faced a MASSIVE attack recently and I am concerned similar attacks may happen but could be prevented or mitigated by switching to languages that make it harder to write unsafe/vulnerable code.

@johnabs I think there is something to be gained from building new systems using languages that rule out certain classes of bug, but I wouldn't make rewriting software for fielded systems that have operated for decades my starting position if I were auditing a system for security and reliability.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.