Hackers weigh in on programming languages of choice
Small, self-described sample, sure. But results show shifts over time
Never mind what enterprise programmers are trained to do, a self-defined set of hackers has its own programming language zeitgeist, one that apparently changes with the wind, at least according to the relatively small set surveyed.
Members of Europe's Chaos Computer Club, which calls itself "Europe's largest association of hackers" were part of a pool for German researchers to poll. The goal of the study was to discover what tools and languages hackers prefer, a mission that sparked some unexpected results.
The researchers were interested in understanding what languages self-described hackers use, and also asked about OS and IDE choice, whether or not an individual considered their choice important for hacking and how much experience they had as a programmer and hacker.
How are CCC hackers hacking?
To be fair, the survey only had 43 respondents, so it's too small to allow for representative conclusions, but even with a tiny sample, they note the results "add to the extremely scarce literature on the subject. The approach could serve as a model for future surveys, possibly at international level," the paper said.
The experience of respondents gives the survey more weight, though. Nearly three-quarters said they had five or more years of experience as a hacker, and 93 percent have five or more years of programming experience.
As for which programming languages the hackers from CCC prefer (respondents could choose more than one answer), it appears that Bash/Shell/PowerShell are the most popular, with 72.5 percent saying they've used it to hack in the past year. The next most popular is Python, with 70 percent saying they used it for hacking in the past year.
For those arguing that Bash isn't a programming language, the researchers understand. However, "we have included them in the list anyway to avoid possible gaps in the study," the paper said.
- UK Ministry of Defence takes recruitment system offline, confirms data leak
- IT outage at Scotland's Heriot-Watt University enters second week
- F-Secure spins out new enterprise security business: WithSecure
- VMware fixes command injection, file upload flaws in Carbon Black security tool
Unsurprisingly, 95 percent of respondents said they used a Linux-based OS for hacking in the past year, while only 40 percent used Windows, 32 percent used macOS, and 17.5 percent used BSD. IDE choice was similarly concentrated, with 60 percent saying they used Vim and 50 percent saying they used Visual Studio Code.
What the numbers mean
At the heart of the study is the question of what programming languages hackers use, from which follows an additional question: is that language an important part of your hacking process? The results suggest no.
Only 25 percent of respondents said that they agreed or strongly agreed with the statement "The choice of the programming language is important for hacking." Otherwise, 32.5 percent said it didn't matter, and the remaining 42.5 percent said they disagreed or strongly disagreed that language choice was important.
From that, it seems the definition of hacker that the paper puts forward, "someone who uses his/her technical expertise to deal with computers with special regard to their security," means hackers are more interested in the process of hacking than the particular language used to do it.
It also indicates that "the prevalence of Python for hacking might therefore simply reflect the general increase in its use in recent years," the paper said. "Consequently, one could expect that the language preference of hackers will continue to change in future as technology evolves." ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust