Should all critical cyber infrastructure be written in languages that seek to guarantee safety, such as Haskell or Rust?
@johnabs depends on your def of safety. and "cyber infrastructure". also, maybe they "seek" it, but do they "find" safety?
@2ck
Well
Safety as in: highly resistant to malicious attacks or critical runtime bugs.
Cyber infrastructure: "systems that control the backbone of modern society such as electrical grid load balancers, banking transfer networks, etc."
Of course safety isn't ever guaranteed; however, it seems to me that many existing systems are reliant on legacy, non auditable code which could be exploited by increasingly sophisticated methods. Ukraine faced a MASSIVE attack recently and I am concerned similar attacks may happen but could be prevented or mitigated by switching to languages that make it harder to write unsafe/vulnerable code.
@johnabs I think there is something to be gained from building new systems using languages that rule out certain classes of bug, but I wouldn't make rewriting software for fielded systems that have operated for decades my starting position if I were auditing a system for security and reliability.
