Choosing Your Next Programming Language: A Strategic Framework
Hello!
As a C++ expert who’s also made multiple language choices in a startup and product refresh context, I want to address an important report released by world governments late last year that encourages C-Suite Executives to consider memory-safe programming languages for their projects. While the report makes compelling arguments about security, choosing a programming language requires a more comprehensive framework that I'll outline here.
If you like this content, please consider subscribing!
The Poetry of Programming
Programming languages are like different forms of poetry. Each has its own structure, rules, and ideal use cases. While there are numerous programming languages available, and most programmers have a favorite that they believe "fixes all problems," the choice of language should be based on more than personal preference or single attributes like memory safety.
Today's language selection process is more about choosing an ecosystem than evaluating individual language features. I propose a simple ranked framework for making this choice:
Libraries: The existing code you can build upon
People: The community and talent pool available
Language Merits: The technical characteristics
In the past, platform compatibility was a fourth consideration, but the rise of web-based delivery and cross-platform development has largely eliminated this concern. Languages like Java pioneered the "write once, run everywhere" approach, and many modern languages now abstract away platform differences to let programmers focus on business needs.
Libraries: Standing on the Shoulders of Giants
Libraries are collections of code that perform specialized or useful tasks. Think of them as well-crafted poems that accomplish specific goals. For example, Go includes an HTTP web server in its standard library, positioning itself as a core backend language by providing essential web service functionality.
At their core, programming languages provide syntax (rules for connecting words) and vocabulary (basic instructions for the computer). Memory-unsafe languages like C and C++ offer vocabulary to manipulate hardware and memory directly, which can lead to security vulnerabilities. Memory-safe languages restrict these potentially dangerous operations, compartmentalizing the choices available to developers.
When choosing a language, you're really choosing which existing code to build upon. Consider Python in machine learning: while not inherently fast, Python's ability to wrap high-performance C libraries like TensorFlow makes it the de facto choice for AI development. It's not about the language itself, but the powerful "poems" it can access and compose.
People: The Poets Behind the Code
Programmers typically have favorite languages that reflect their values and approaches to problem-solving. For instance:
Haskell enthusiasts often love tackling complex problems through structured modeling.
TypeScript developers tend to be pragmatic, focusing on product delivery.
OCaml and Haskell's prevalence in fintech reflects their personal opinion in the strength of formal verification.
When selecting a language for your project, consider the type of developers you want to attract. The language choice will naturally select for people who want to build the kinds of systems you're envisioning. Additionally, consider the availability of training resources and experts who can help grow your team as your product evolves.
Language Merits: The Final Consideration
Language merits include characteristics like ergonomics, intended use cases, syntax, type safety, security, and memory safety. While these features often dominate technical discussions and marketing materials, they should be considered only after evaluating libraries and people.
Consider this scenario: you choose a memory-safe language that lacks robust libraries for your domain and has few developers experienced in building similar systems. Despite its technical merits, your project faces significant challenges. You may have chosen a "safer" language, but without good "poems" to work from or skilled "poets" to write them, success becomes much more difficult.
Conclusion: Writing Your Technology Story
While recent government recommendations about memory-safe languages are important, they represent just one factor in a complex decision. Choosing a programming language is like selecting the literary style for your technology story. The language itself—its safety features, syntax, and technical merits—is only the final consideration in our framework.
First, examine the libraries available: these are the proven "poems" you can build upon, the collected wisdom of developers who have solved similar problems. Next, consider the people: the community of "poets" who will help write your story, their values, and their expertise in building systems like yours. Only then should you weigh the language's technical merits, including important considerations like memory safety.
Remember that no language choice exists in isolation. The most secure, elegant, or efficient language won't serve your needs without robust libraries and a strong community behind it. By following this Libraries-People-Language framework, you can make an informed choice that not only addresses security concerns but also positions your project for long-term success.
References
United States Cybersecurity and Infrastructure Security Agency et al., “The Case for Memory Safe Roadmaps Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously.” Dec. 2023. Accessed: Nov. 01, 2024. [Online]. Available: https://media.defense.gov/2023/Dec/06/2003352724/-1/-1/0/THE-CASE-FOR-MEMORY-SAFE-ROADMAPS-TLP-CLEAR.PDF
Travis Media, Cybersecurity Experts NOW Recommending These Languages, (Dec. 10, 2023). Accessed: Nov. 01, 2024. [Online Video]. Available: https://www.youtube.com/watch?v=eG9aLKAKhdc