Thursday, 21 March 2019

Security: What Are The Most Secure Programming Languages (State of Open Source Security Report)

A report on "security of programming languages" used in open source.

Quoting:
"Behind every developer is a beloved programming language. In heated debates over which language is the best, the security card will come into play in support of one language or discredit another.
We decided to address this debate and put it to the test by researching WhiteSource’s comprehensive database. We focused on open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, and C++, to find out which programming languages are most secure, which vulnerability types (CWEs) are most common in each language, and why."

What Are The Most Secure Programming Languages

To download the report: https://resources.whitesourcesoftware.com/blog-whitesource/is-one-language-more-secure

Quoting:

"Language vulnerabilities

Let’s look at the list from the report and break it down.
Total reported open source vulnerabilities per language:

  1. C (46.9%)
  2. PHP (16.7%)
  3. Java (11.4%)
  4. JavaScript (10.2%)
  5. Python (5.45%)
  6. C++ (5.23%)
  7. Ruby (4.25%)


WhiteSource pulled their info from their database which includes multiple sources including “the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source project issue trackers”."

Quote Source: https://jaxenter.com/security-vulnerabilities-languages-157038.html
Wednesday, 13 March 2019

Scrum: Technical Debt and Tetris?

An interesting analogy that involves... TETRIS!!!
The simple idea is that lines with holes in Tetris (that will not disappear) might eventually pile up until you're... dead!
Game over.
Just like technical debt in "scrappy" Scrum:

Technical Debt is like Tetris – Eric Higgins – Medium

Tuesday, 12 March 2019

Security: The "cheap" that might be expensive?

The "cheap" that might be expensive? Password security implemented by juniors "smells" bad?

Study shows programmers will take the easy way out and not implement proper password security | ZDNet

Quoting:
"Of the 260 developers, only 43 took up the job, which involved using technologies such as Java, JSF, Hibernate, and PostgreSQL to create the user registration component.
Of the 43, academics paid half of the group with €100, and the other half with €200, to determine if higher pay made a difference in the implementation of password security features.
Further, they divided the developer group a second time, prompting half of the developers to store passwords in a secure manner, and leaving the other half to store passwords in their preferred method --hence forming four quarters of developers paid €100 and prompted to use a secure password storage method (P100), developers paid €200 and prompted to use a secure password storage method (P200), devs paid €100 but not prompted for password security (N100), and those paid €200 but not prompted for password security (N200)."
(...)
"Of the secure password storage systems developers chose to implement for this study, only the last two, PBKDF2 and Bcrypt, are considered secure.
8 - Base64
10 - MD5
1 - SHA-1
3 - 3DES
3 - AES
5 - SHA-256
1 - HMAC/SHA1
5 - PBKDF2
7 - Bcrypt"
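To make the study's ranking concrete, here is an added example (not code from the article or the study) contrasting the three storage choices the list mentions: Base64, which is a reversible encoding rather than a hash; unsalted MD5, which maps equal passwords to equal digests; and salted, iterated PBKDF2-HMAC-SHA256 with constant-time verification. The iteration count, salt size and record format are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed PBKDF2 parameters: per-user random salt, many iterations, HMAC-SHA-256.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def base64_store(password: str) -> str:
    """The 'Base64' option from the study: an encoding, not a hash."""
    return base64.b64encode(password.encode()).decode()


def base64_recover(stored: str) -> str:
    """Anyone holding the database reverses Base64 with no secret at all."""
    return base64.b64decode(stored).decode()


def md5_store(password: str) -> str:
    """Unsalted MD5: the same password always yields the same digest,
    so identical passwords are visible at a glance in the database."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_store(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256; returns a self-describing record
    (constructed format: algorithm$iterations$salt_hex$hash_hex)."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), dk.hex())


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute from the stored salt and iteration count, compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)
```

Because each PBKDF2 record carries its own salt, two users with the same password get different records, and the stored iteration count lets the cost be raised later without breaking verification of older records.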

Tuesday, 5 March 2019

SW Construction: Good code?

Principles, books, tools for productivity and metrics and more:
https://www.dotnetcurry.com/patterns-practices/1358/code-quality-tools

Wednesday, 30 January 2019

SW Construction: The bots that help improve Facebook's code - IEEE Spectrum

Meet the Bots That Review and Write Snippets of Facebook's Code - IEEE Spectrum

Quoting:

"A null pointer exception is like having the address to a house that was never built. It means a programmer has referred to an object that doesn’t actually exist because it was never described in the code. Null pointers are extremely common and relatively easy to fix—easy enough to be boring, in fact.

Unfortunately, the tedious work of finding and fixing errors like these still takes up much of a developer’s time and mental energy. A 2016 evaluation of 1,000 Android apps [PDF] found that null pointers caused more crashes than any other kind of error, including illegal arguments, array index out of bounds exceptions, and bad tokens.
To make its developers’ jobs more rewarding, Facebook is now using two automated tools called Sapienz and SapFix to find and repair low-level bugs in its mobile apps. Sapienz runs the apps through many tests to figure out which actions will cause it to crash. Then, SapFix recommends a fix to developers, who review it and decide whether to accept the fix, come up with their own, or ignore the problem. "
(...)
"Facebook’s developers make more than 100,000 commits every week, and the Facebook app for Android contains millions of lines of code. Sapienz runs hundreds of emulators around the clock to review code before and after it’s shipped, conducting tens of thousands of tests every day. "

Monday, 28 January 2019

BOOK: Continuous Delivery Handbook: Non Programmer’s Guide to DevOps, Microservices and Kubernetes (Stephen Fleming)

Amazon.com: Continuous Delivery Handbook : Non Programmer’s Guide to DevOps, Microservices and Kubernetes eBook: Stephen Fleming: Kindle Store

Quoting:

"(...) after going through this guide you would be able to appreciate Continuous Delivery through DevOps, Microservices and other related concepts like Kanban, Scrum, Agile, SOA, Monolith Architecture, DevOps, Docker, Kubernetes etc.

- This guide will clarify your conceptual queries with case studies, examples and diagrams.
- You would also get to know about the leaders in DevOps and Microservices adoption and impact it had on the overall agility and hyper-growth of the adopters. This book covers the complete lifecycle for your understanding like Integrating, Testing, Deploying DevOps and Microservices architecture and the Security concerns while deploying it.
- I am confident that after going through the book you would be able to navigate the discussion with any stakeholder and take your agenda ahead as per your role. Additionally, if you are new to the industry, and looking for an application development job, this book will help you to prepare with all the relevant information and understanding of the topic.
- So, as Charles Darwin said “It is not the strongest of the species that survive, or the most intelligent, but the one most responsive to change.” Be adaptive to the changes in the software Development Industry and ride ahead with Continuous Delivery."