Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

Programming languages: One in four Go developers are already using this 'most requested' feature

12 сентября 2022 года Hi-network.com
Image: Getty/Nitat Termmee

About a quarter of developers using Google's open source Go programming language have started using "generics" -a highly demanded feature that was missing until this year -and while developers worry about supply chain security, they're ill equipped to respond to vulnerabilities. 

Go gained generics in Go version 1.18 released in March, when it was described as 'Go's most often requested feature', so it's not surprising it has since been quickly adopted. According to the June 2022 Go developer survey, over a quarter of the 5,752 respondents have started using generics in their Go code. Go is the 16th most popular programming language, according to developer analyst, Redmonk's January 2022 rankings. 

Developer

  • It's the end of programming as we know it -- again
  • Developers feel secure in their jobs, but they're still thinking about quitting
  • The future of the web will need a different sort of software developer
  • The best Linux laptops for consumers and developers

Todd Kulesza, a UX designer on Go, noted in a blogpost that the addition of generics was welcome, but noted that about a third of developers are running into some limitations of its initial implementation. 

SEE: These are the biggest cybersecurity threats. Make sure you aren't ignoring them

Generics, or support for type parameters, brings more type safety to Go and improves productivity and performance. Some 86% of respondents were aware generics shipped in Go 1.18 and 26% had used it, with 14% already using generics in production or released code. However, 54% said they didn't need to use generics today, while 12% had used generics but not in production code. 

Another obstacle to using generics was that linters didn't support them while 26% reported using a pre-1.8 release or being on a Linux distribution that didn't provide Go 1.18 packages. 

But 10% reported that using generics had resulted in less code duplication.   

Kulesza says worries over vulnerabilities in Go dependencies are a "top security concern". Only 12% of developers were using tools like fuzz testing on Go code. A sizable 65% of developers were using static analysis tools but only 35% of them use these to find vulnerabilities. 

The survey found that 84% use security tooling during CI/CD time, but this was often too late in the development cycle as developers want to be notified about a vulnerability in a dependency before building up on it. 

The Go team this week also launched new vulnerability management tools and a vulnerability database for Go based on data from Go package maintainers. Go 1.18 was also the first version to feature fuzzing in its standard toolchain. The Go fuzz tests are supported by Google's open-source fuzzing tool OSS-Fuzz.

SEE:Four ways to get noticed in the changing world of work

These are all activities the NSA recently recommended for developers to do to improve software supply chain security and secure coding practices, which came into focus after the 2020 SolarWinds breach. 

The Go survey highlights some problems developers face.

Fifty-seven percent of developers reported having difficulties evaluating the security of third-party libraries. Kulesza notes GitHub's dependabot or the Go team's govulncheck can assist here. In fact, Dependabot was by far the most common way respondents learned of a vulnerability in a dependency. 

However, only 12% conducted an investigation to see whether and how their software was impacted by a vulnerability. It found 70% of those who did investigate a vulnerability's impact found the process of impact analysis the most challenging. They also reported it was often unplanned and unrewarded work. 

The most popular code editor for Go developers was Microsoft's cross-platform Visual Studio Code (VS Code), which is used by 45% of respondents, followed by GoLand/IntelliJ (34%), Vim/Neovim (14%), and Emacs (3%). 

Some 59% of respondents developed on a Linux machine, followed by 52% on macOS, and 23% on Windows, with 13% using the Windows Subsystem for Linux. By far the most common platform to target was Linux at 93%, followed by Windows at 16%, macOS at 13%, and IoT devices at 5%.

Open Source

GitHub vs GitLab: Which program is right for you?The best Linux distros for beginnersFeren OS is a Linux distribution that's as lovely as it is easy to useHow to add new users to your Linux machine
  • GitHub vs GitLab: Which program is right for you?
  • The best Linux distros for beginners
  • Feren OS is a Linux distribution that's as lovely as it is easy to use
  • How to add new users to your Linux machine

tag-icon Горячие метки: По вопросам бизнеса Компания-разработчик

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.