Chris Swan is an Engineer at The @ Company, building the @platform, a technology that is putting people in control of their data and removing the frictions and surveillance associated with today’s Internet. He was previously a Fellow at DXC Technology where he held various CTO roles. Before that he held CTO and Director of R&D roles at Cohesive Networks, UBS, Capital SCF and Credit Suisse, where he worked on app servers, compute grids, security, mobile, cloud, networking and containers. Chris is an InfoQ Editor writing about cloud, DevOps and security, and co-hosts the Tech Debt Burndown Podcast.
What do we need to do in the next few years to ensure that the attack landscape for 2030 isn't the same as 2020? Better languages and frameworks have already brought substantial improvements in memory safety, eliminating whole classes of vulnerabilities caused by buffer overflows. Yet despite a major reshuffle in 2021, the OWASP Top 10 remains full of things that boil down to a lack of input validation, an issue that has bedevilled tech since its inception. We're all told that we shouldn't trust the input to our programs, and that validation is our best defence. But developers get precious little help on that front from today's languages and frameworks, something that can and should change. This talk will examine a hypothetical evolution of TypeScript, ValidScript, to consider a future where input validation is baked in.