Defending a network means understanding the attack surface, but that attack surface may be broader than you think – all thanks to a scripting language that grew beyond expectations.
- For some use cases, such as interactive graphical client-side applications or server-side applications, high performance is a necessity. As a result, the engine cannot rely on interpretative execution.
- For general web browsing, the key to responsiveness is extremely fast start time for newly-loaded code. Since compilation produces significant start-up delays, the engine cannot rely exclusively on compilation, either.
Language-based security concerns are a well-known phenomenon. Some languages, such as C and C++, tend to make it overly challenging to choose safe programming constructs. Other languages, notably Java, have been plagued with implementation bugs in their class libraries or sandboxing mechanisms. Still others are lacking in facilities important for secure application development.