A study by the University of Turku, Finland (A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI) showed that 46% of 224,651 open-source Python packages displayed one or more security issues. Is that good news, or bad news?
The researchers used the Bandit static analysis tool to find security issues. Static analysis is incredibly helpful for improving software quality, but it is not the only answer. For a start, coding guidelines need to be adopted in the early stages of project development, not at the end. If we were to make today’s GNU C library compliant with the MISRA coding guidelines, it would require so many changes that the library’s quality would definitely go down. Furthermore, would you believe that the other 54% of the packages are secure based on this single scan?
At Solid Sands we are focused on functional safety. So what is the relationship between safety and security? My conjecture is that anything that is required for safety is also good for security. Developers of secure software can learn a lot from the development of software for safety-critical applications, because the field of functional safety has a much longer history than that of cyber security. Functional safety started with exploding steam engine boilers during the industrial revolution. Functional safety has taught us that there is no silver bullet — no single ‘safety scanner’ that will do the job. Functional safety is a process that forces you to consider risks, document your decisions, link specifications to implementation, and verify (including verification with static analysis) at multiple levels of abstraction. These are many practices that must work well together. Without a rigorous process in place, no tool is going to rescue you. The same is true for security.
The C and C++ programming languages are not inherently safe. As the saying goes, they make it easy to shoot yourself in the foot. In Python (just as an example), it is not as easy to generate a core dump as it is in C. But does that make Python safer and more secure? Python’s APIs are many, with access to many layers of abstraction inside the machine and out on the internet, posing significant vulnerabilities. That is clearly demonstrated by the Finnish paper. C (and to some extent also C++) has a number of important advantages over other programming languages when it comes to safety and security. First, it is based on an ISO standard that is widely discussed and widely agreed on. Few modern programming languages can claim such a solid foundation. Second, its weaknesses are well known. Third, its ecosystem is mature and so large that excellent analysis tools that help counter its risks exist. For example, BUGSENG’s ECLAIR verification platform prides itself on generating as few false positives as possible. Lastly, C and its standard library have been used in many existing safety-critical projects before. Cybersafety and security will never be able to guarantee the absence of vulnerabilities. The best we can do is reduce the risk. The reuse of proven components contributes to that.
Safety and security cannot be defined by a single language, tool or number. At Solid Sands, we are contributing our own thread to the tapestry of safety and security by providing a requirements-based test suite for the Standard C library, with very high structural coverage, in the form of our SuperGuard test suite. Make it part of your process too.
Marcel Beemster, CTO