Given programming languages can provide different types and levels of
security support, it is critically important to consider security aspects while
selecting programming languages for developing software systems. Inadequate
consideration of security in the choice of a programming language may lead to
potential ramifications for secure development. Whilst theoretical analysis of
the supposed security properties of different programming languages has been
conducted, there has been relatively little effort to empirically explore the
actual security challenges experienced by developers. We have performed a
large-scale study of the security challenges of 15 programming languages by
quantitatively and qualitatively analysing the developers’ discussions from
Stack Overflow and GitHub. By leveraging topic modelling, we have derived a
taxonomy of 18 major security challenges for 6 topic categories. We have also
conducted comparative analysis to understand how the identified challenges vary
regarding the different programming languages and data sources. Our findings
suggest that the challenges and their characteristics differ substantially for
different programming languages and data sources, i.e., Stack Overflow and
GitHub. The findings provide evidence-based insights and understanding of
security challenges related to different programming languages to software
professionals (i.e., practitioners or researchers). The reported taxonomy of
security challenges can assist both practitioners and researchers in better
understanding and traversing the secure development landscape. This study
highlights the importance of the choice of technology, e.g., programming
language, in secure software engineering. Hence, the findings are expected to
motivate practitioners to consider the potential impact of the choice of
programming languages on software security.

By admin