Security Lessons From a New Programming Language

Security Lessons From a New Programming Language
A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.

When a security researcher needs to create an application, there are many choices in terms of programming languages and frameworks. But when project requirements include SSL and an embedded Internet of Things (IoT) platform, the number of good options becomes limited. That's why Thomas Pornin decided to build his own language.


Pornin, who is technical director and member of the cryptography services practice at NCC Group, has been thinking about programming languages, their strengths, and their weaknesses for more than 30 years. He has worked on many different, complex tech deployments and has the experience of launching an open source project, BearSSL, an SSL stack that is smaller than most SSL implementations available to ..