@Scale 2019: Leveraging the type system to write secure applications
Shannon discusses ways to extend the type system to eliminate entire classes of security vulnerabilities at scale. Application security remains a long-term and high-stakes challenge for most projects that interact with external users. Python’s type system is already widely used for readability, refactoring, and bug detection — Shannon demonstrates how types can also be leveraged to make a project systematically more secure. She investigates (1) how static type checkers such as Pyre or mypy can be extended with simple library modifications to catch vulnerable patterns, and (2) how deeper type-based static analysis can reliably flag remaining use cases to security engineers.