5 comments

[ 2.2 ms ] story [ 26.0 ms ] thread
Quite curious on the outcome, given that Microsoft has decided to only support C for application development on Azure Sphere.
You mean as opposed to safer languages like Rust or "friendlier" languages like Python or Javascript?
As opposed to C++, Ada, Rust or whatever else that is safer than plain old C.

Although I am aware that outside STL like data structures, C++'s security story is just as good as C.

NVidia is doing something similar for their automation projects, they have chosen to go with Ada/SPARK.

Now that is a security story I can buy.

Thanks for the clarification :)

As far as I know all current Sphere hardware is based on an ad-hoc Mediatek chip[0], which is really underpowered[1], I think this might be a factor. Or maybe I suppose they're bringing up C first and then build the toolchain for other languages on top of that?

[0]: https://www.mediatek.com/products/AIoT/mt3620

[1]: https://docs.microsoft.com/it-it/azure-sphere/app-developmen...

So far the only times that the discussion has come up, they state that their target market won't buy something else and there are sanitizers anyway.

Quite strange for a device whose sales pitch is security above anything else.

Yet notice how the "The Seven Properties of Highly Secure Devices" story doesn't mention anywhere the safety of the programming languages.

Meanwhile on another side of the computer campus we have Microsoft Security Response Center writing such blog posts https://msrc-blog.microsoft.com/2019/07/18/we-need-a-safer-s...

If you dig into developer requests, there are several posts regarding this, for example

https://feedback.azure.com/forums/915433-azure-sphere/sugges...

Note that I am not advocating that C# would be viable option on Sphere's case, just the absence to acknowledge C as being the platform Achilles' heel in the security story that the team selling.

At very least also do hardware memory tagging like Solaris SPARC, iOS and Android (as of 11) are doing.