I recently had a conversation with the Principle Security Architect for a large company concerned with security, identity, and access management. He asked me, “What language do you write your code in and why?”.
I answered his question with “It depends on what the goal of the software is”. I then went into more detail.
After the conversation, I thought about his question and my answer. This article is the result.
What are my skills?
There are two areas to consider when determining your skill set with a programming language. The actual language syntax and grammar, and the ecosystem that surrounds the language (libraries, tools, debuggers, runtime, etc).
I am at an expert level in the language, syntax, and grammar of:
I am very comfortable with:
When I factor in the libraries, tools, debugging skills, runtime environments, etc, my choices become:
In summary, I can write code and develop products using the most popular programming languages of today.
What should I consider when selecting a language?
What is the intended purpose of the software?
If the goal is to prototype new ideas to quickly test and demonstrate concepts, I want a language that is easy to understand, easy to write in and I can quickly put something together. Usually, I choose Python for this task. Recently, I started using PowerShell for many projects.
If the goal is production quality software that must run efficiently, be secure, and perhaps integrate into highly available, fault-tolerant systems, then I usually choose C/C++, C# or Go. The choice can be further narrowed down by the availability of libraries, development and debugging tools and runtime environments. For example, I am a longtime user of Visual Studio. For Microsoft enterprise environments, which include the data center and Azure, I usually choose C# or C/C++. For another example, Google developed the Go language, therefore in Google Cloud, I usually choose Go for production product development and deployment.
Note: Normally, I would not use Python for production-quality enterprise software. There are cases where I would if it is a small utility, tool or is a special one-off program for a particular user. The open nature of Python libraries is great for rapid prototyping, but not good for security and reliability.
Security and reliability of libraries
The availability of libraries for a particular language can be both a plus and a negative. In developing software that must be secure, well tested, with controlled repeatable deployments, third-party libraries can be a problem. How secure are those libraries? How well have they been tested? What happens if the library disappears, or development stops.
Should you avoid third-party libraries? This is a difficult question to answer. Does the library have an extensive test suite? Does the library have a controlled update and distribution strategy? Are the developers public with their backgrounds and skill sets? Review each library and use case and determine for yourself the strengths and drawbacks of that library. Sometimes, it is better to bring the library in-house for better security and quality control. In other cases, maybe you can trust and rely upon that library.
Development tools, debuggers, and runtimes
I am very picky when it comes to the tools I use for development. I prefer Visual Studio for all my projects. I use VI and a wide assortment of Linux command-line tools. This choice comes down to your preference, your skill set, and your budget. Factors to consider, such as are you working alone on the development, a small group of five developers or is this an enterprise product with fifty or more people involved? Sometimes the choice is made for you.
Hopefully, my narrative will provide food for thought for your next project. Whether it is a prototype to play with new technology or an enterprise product managed by teams of people, the choice of a programming language is just one of many items to consider. I recommend learning several very different languages such as C#, Go and Python. Your skills as a programmer will be enhanced and you will be able to integrate quickly into most development environments.
I design software for enterprise-class systems and data centers. My background is 30+ years in storage (SCSI, FC, iSCSI, disk arrays, imaging) virtualization. 20+ years in identity, security, and forensics.
For the past 14+ years, I have been working in the cloud (AWS, Azure, Google, Alibaba, IBM, Oracle) designing hybrid and multi-cloud software solutions. I am an MVP/GDE with several.