The History of Programming Languages
Programming languages enable users to write programs for specific computations/algorithms.
- 1843: Ada Lovelace credited with first computer programming language; wrote an algorithm for the Analytical Engine (early mechanical computer)
- There are 1.2M+ computer programmers and software developers in the US
Infographic by Veracode Application Security
The TIOBE index: An indicator of the popularity of various languages, based upon global numbers of engineers, courses, and third-party vendors
2013 TIOBE Index
|Position Jan 2013||Position Jan 2012||Delta in Position||Programming Language||Ratings Jan 2013||Delta Jan 2012||Status|
See Source 5
The History and Influence of Programming Languages
1957 – Fortran (short for “The IBM Mathematical Formula Translating System”) General-purpose, high-level. For numeric and scientific computing (as an alternative to assembly language). Oldest programming language still used today.
- Creator: John Backus of IBM
- Primary Uses: Supercomputing applications (i.e. weather and climate modeling, animal and plant breeding, computational science functions)
- Used By: NASA
1958 – Lisp (short for “List Processor”) High-level. For mathematical notation. Several new computer science topics: tree data structures, automatic storage management, dynamic typing, and self-hosting compilers
- Creator: John McCarthy of MIT
- Primary Uses: AI development, air defense systems
- Used By: Etsy uses Clojure, a dialect of Lisp
1959 – Cobol (short for “Common Business-Oriented Language”) High-level. Primarily for business computing. First programming language to be mandated by the US Department of Defense.
- Creator: Short Range Committee (SRC)
- Primary Uses: Business software (esp. finance and administration systems, but also banks, insurance agencies, governments, military agencies)
- Used By: Credit cards, ATMs
- *Fun Fact: Action movie The Terminator used samples of Cobol source code for the text shown in the Terminator’s vision display.
1964 – BASIC (acronym for “Beginner’s All-purpose Symbolic Instruction Code”) General-purpose, high-level. Designed for simplicity. Popularity exploded in the mid-‘70s with home computers; early computer games were often written in Basic, including Mike Mayfield’s Star Trek.
- Creator: John George Kemeny and Thomas Eugene Kurtz of Dartmouth (SRC)
- Primary Uses: Home computers, simple games, programs, utilities
- Used By: Microsoft’s Altair BASIC, Apple II
1970 – Pascal (after French mathematician/physicist Blaise Pascal) High-level. For teaching structured programming and data structuring. Commercial versions widely used throughout the ‘80s.
- Creator: Niklaus Wirth
- Primary Uses: Teaching programming. Also – Object Pascal, a derivative, is commonly used for Windows application development
- Used By: Apple Lisa (1983), Skype
- Creator: Dennis Ritchie of Bell Labs
- Primary Uses: Cross-platform programming, system programming, Unix programming, computer game development
- Used By: Unix
1980 – Ada (After Ada Lovelace, inventor of the first programming language) High-level. Derived from Pascal. Contracted by the US Department of Defense in 1977 for developing large software systems.
- Creator: Jean Ichbiah
- Primary Uses: Dept. of Defense, banking, manufacturing, transportation, commercial aviation
- Used By: NSTAR, Reuters, NASA, subways worldwide
1983 – C++ (formerly “C with Classes”; ++ is the increment operator in “C”) Intermediate-level, object-oriented. An extension of C, with enhancements such as classes, virtual functions, and templates.
- Creator: Bjarne Stroustrup
- Primary Uses: Commercial application development, embedded software, server/client applications, video games
- Used By: Adobe, Google Chrome, Mozilla Firefox, Microsoft Internet Explorer
1983 – Objective-C (object-oriented extension of “C”) General-purpose, high-level. Expanded on C, adding message-passing functionality based on Smalltalk language.
- Creator: Brad Cox and Tom Love of Stepstone
- Primary Uses: Apple programming
- Used By: Apple’s OS X and iOS operating systems
1987 – Perl (a language named “PEARL” already existed, so “Pearl” wasn’t an option…) General-purpose, high-level. Created for report processing on Unix systems. Today it’s known for high power and versatility.
- Creator: Larry Wall of Unisys
- Primary Uses: CGI, database applications, system administration, network programming, graphics programming
- Used By: IMDb, Amazon, Priceline, Ticketmaster
1991 – Python (for British comedy troupe Monty Python – tutorials, sample code, and instructions often reference them) General-purpose, high-level. Created to support a variety of programming styles and be fun to use.
- Creator: Guido Van Rossum of CWI
- Primary Uses: Web application, software development, information security
- Used By: Google, Yahoo, Spotify
1993 – Ruby (the birthstone of one of the creator’s collaborators) General-purpose, high-level. A teaching language influenced by Perl, Ada, Lisp, Smalltalk, etc. Designed for productive and enjoyable programming.
- Creator: Yukihiro Matsumoto
- Primary Uses: Web application development, Ruby on Rails
- Used By: Twitter, Hulu, Groupon
1995 – Java (for the amount of coffee consumed while developing the language) General-purpose, high-level. Made for an interactive TV project. Cross-platform functionality. Second most popular language (behind C).2
- Creator: James Gosling of Microsystems
- Primary Uses: Network programming, web application development, software development, Graphical User Interface development
- Used By: Android OS/apps
1995 – PHP (“Personal Home Page”) Open-source, general-purpose. For building dynamic web pages. Most widely used open-source software by enterprises.
- Creator: Rasmus Lerdorf
- Primary Uses: Building/maintaining dynamic web pages, server-side development
- Used By: Facebook, Wikipedia, Digg, WordPress, Joomla
- Creator: Brendan Eich of Netscape
- Primary Uses: Dynamic web development, PDF documents, web browsers, desktop widgets
- Used By: Gmail, Adobe Photoshop, Mozilla Firefox
Vulnerability Distribution on First Submission by Language
|Java||%||.NET||%||C/C++||%|
|Code Quality||86%||Cryptographic Issues||78%||Error Handling||87%|
|Cryptographic Issues||73%||Code Quality||75%||Buffer Overflow||75%|
|Directory Traversal||73%||Directory Traversal||65%||Buffer Management Errors||74%|
|CRLF Injection||71%||Information Leakage||61%||Numeric Errors||74%|
|Information Leakage||56%||Time and State||46%||Cryptographic Issues||66%|
|Time and State||56%||Cross-site Scripting (XSS)||43%||Directory Traversal||55%|
|Insufficient Input Validation||54%||CRLF Injection||41%||Dangerous Functions||51%|
|Cross-site Scripting (XSS)||49%||Insufficient Input Validation||34%||Time and State||44%|
|Credentials Management||44%||SQL Injection||32%||Code Quality||40%|
|API Abuse||42%||OS Command Injection||23%||Untrusted Search Path||27%|
|SQL Injection||41%||Credentials Management||19%||Format String||24%|
|Encapsulation||26%||Untrusted Search Path||18%||Race Conditions||23%|
|Session Fixation||25%||Error Handling||18%||OS Command Injection||20%|
|OS Command Injection||21%||Buffer Management Errors||6%||API Abuse||13%|
|Race Conditions||18%||Buffer Overflow||6%||Information Leakage||11%|
Takeaways from the Above Table:
- CRLF Injection highly prevalent in Java but less so in .NET languages; doesn’t rank for C/C++
- SQL Injection and Cross Site Scripting fairly prevalent in Java and .NET
- Code Quality vulnerabilities very likely to occur in Java and .NET languages, less so in C/C++
- Cryptographic issues and Directory Traversal in the Top Six for each family
- Error Handling and Buffer Overflow common in C/C++ but much less in .NET; not ranked in Java
While certain vulnerabilities are more prevalent in some languages, producing secure code ultimately depends on secure development processes rather than which language is used.
Nine Tips for Secure Programming
- Always check for OWASP Top Ten vulnerabilities
- Ensure that sensitive data is properly encoded and encrypted
- Use access control and permissions to protect resources and limit application/user capabilities
- Validate all input and output
- Write code that is capable of handling exceptions (errors) securely
- Write code that is free of hardcoded credentials or cryptographic keys
- Use passwords and session management practices to verify users
- Store data securely
- Implement comprehensive yet realistic security policies