Simon Peyton Jones
Podcast Appearances
It's tragic how much effort and ingenuity and money is being lost and waste of resources just because we wrote our computational infrastructure for the world in an insecure language.
I just said 99%.
I didn't say a hundred.
If I write a Haskell program that says, receive message, if the message says, tell me everything, then spit out my entire database in reply.
No language could stop you doing that, right?
But if you look at the program and it doesn't have any such things, right?
So, you know, nothing can prevent you against high-level attacks to insecure programs.
Or, I mean, another example might be deadlock, right?
Two services, no matter how securely written, if A waits for B and B waits for A, deadlock.
Sorry.
No, and no language is going to stop you doing that.
You might hope for some high-level verification tools.
But it's like, surely if you're trying to do something hard, like prove that that doesn't happen, you want to have a foundation that is, you know, in which you've got some bedrock to stand on.
If you're standing on sand and trying to prove some advanced property, it's very, very difficult.
But good point.
I'm not talking about 100% security.
Absolutely not.
But how many exploits are based on buffer overruns
or pointer manipulation that's gone wrong?
If you couldn't have a buffer overrun, you couldn't do pointer manipulation, those just wouldn't exist.