http://www.businessweek.com/the_thread/techbeat/archives/2009/01/nsa_dhs_ind... ...

I think that http://www.galois.com is already doing as stated in the article/ ...... I sincerely think there is a segway for Haskell here with strong and static type checking..

Strong static type checking is a very useful tool, but there's a lot more to securing against the 25 most common errors. For example, you can use the type system to ensure that output encoding is always applied to user-provided data, but you must first be aware of this issue and write libraries that enforce this and make use of these libraries a requirement in applications or application frameworks. Some problems such as cross-site request forgery are best addressed by the application framework, so framework authors must be aware of these issues and implement protections for the issue. This usually involves the use of some cryptographic primitives, and the type system doesn't do anything to make sure you get that right. Security issues are (mostly) a subset of correctness issues. Haskell provides some tools to help you make sure your program is correct, but there are a lot of ways to write incorrect software despite the help these tools provide. These tools are very valuable and should be sold to the wider developer community, but they are no silver bullet.

Vasili

Tim Newsham http://www.thenewsh.com/~newsham/