In debates over the best and worst programming languages to learn, security is often a factor used to support one language or discredit another, according to a Tuesday report from WhiteSource. But which languages are the most and least secure in the end?
To answer this question, the report compiled information from WhiteSource's database, which aggregates information on open source vulnerabilities from sources including the National Vulnerability Database (NVD), security advisories, GitHub issue trackers, and popular open source projects' issue trackers. Researchers focused on open source security vulnerabilities in the seven most widely-used languages of the past 10 years to learn which are most secure, and which vulnerability types are most common in each.
Here’s how the seven most widely-used coding languages stack up when it comes to the total open source security vulnerabilities per language, according to the report:
- C (47%)
- PHP (17%)
- Java (11%)
- JavaScript (10%)
- Python (5%)
- C++ (5%)
- Ruby (4%)
C has the highest number of vulnerabilities out of these seven languages, accounting for nearly 50% of all reported vulnerabilities over the last 10 years, according to the report. However, this does not mean that C is an inherently more vulnerable language, the report noted: Developers have to keep in mind that C has been in use for much longer than most other languages and has the highest volume of written code, making it natural that it would have more known vulnerabilities than the rest.
The number of open source vulnerabilities found in each programming language rose significantly over the past 10 years, the report found, with a particular jump in 2017. This is partially due to the rising popularity of open source and increased awareness of security vulnerabilities in open source components, leading to more issues being discovered, it noted. Automated security tools and growing investments in bug bounty programs have also contributed to the increase in reported issues.
The most common vulnerabilities across most of these languages are Cross-Site Scripting (XSS); Input Validation; Permissions, Privileges, and Access Control; and Information Leak / Disclosure, according to the report.
Despite the rise in vulnerabilities overall, the number of high-severity vulnerabilities fell in most languages over the last decade, the report found.