Re: Thoughts on Shellshock and beyond

[Tim <tim-security () sentinelchicken org>]

> While it is too late for our hardware etc. perhaps strong type systems such as
> found in Haskell can help here? It is known to be very good at avoiding
> undefined or unexpected runtime behavior. Too late also for current languages
> to have this bolted on but if anyone wanted to write "secure" software I'd be
> looking at languages which provide some more guarantees. Too late for bash
> also, of course which I suppose points us back at the original problem.


I agree significant security benefit can be gained from these kinds of
approaches.  The trick is, convincing people to use such a language.  

Things like JavaScript and PHP are wildly popular because they are so
easy to get started with.  Minimal learning curve counts for a lot.
That, and rapid development of new functionality is king in business.
How can strongly typed functional language compete?

tim