Unsafe Impedance: Safe Languages and Safe by Design Software

TL;DR

This paper introduces the concept of unsafe impedance to evaluate the safety of programming languages and proposes an Unsafe Acceptance Process to enhance safe by design software development.

Contribution

It presents a novel perspective called unsafe impedance for assessing language safety and suggests integrating Unsafe Acceptance Processes into business workflows.

Findings

Erlang and Elixir are compared with other safe languages.

Unsafe impedance reveals differences in language safety.

Unsafe Acceptance Processes can improve software safety practices.

Abstract

In December 2023, security agencies from five countries in North America, Europe, and the south Pacific produced a document encouraging senior executives in all software producing organizations to take responsibility for and oversight of the security of the software their organizations produce. In February 2024, the White House released a cybersecurity outline, highlighting the December document. In this work we review the safe languages listed in these documents, and compare the safety of those languages with Erlang and Elixir, two BEAM languages. These security agencies' declaration of some languages as safe is necessary but insufficient to make wise decisions regarding what language to use when creating code. We propose an additional way of looking at languages and the ease with which unsafe code can be written and used. We call this new perspective \em{unsafe impedance}. We then go on to use unsafe impedance to examine nine languages that are considered to be safe. Finally, we suggest that business processes include what we refer to as an Unsafe Acceptance Process. This Unsafe Acceptance Process can be used as part of the memory safe roadmaps suggested by these agencies. Unsafe Acceptance Processes can aid organizations in their production of safe by design software.