
I think running code from an untrusted source or semi-trusted source is an underdeveloped area that will bear fruit in the future, but I think the gains will be long-term rather than short-term.

Today we live in a world where the source code that runs our advanced industrial society is owned and maintained in secret. And the business climate is highly competitive, so a lot of people cut corners in terms of security. This means that instead of actually proving that their systems are secure, system designers do something else.

If, instead, all of the source code of an advanced industrial society were maintained in an online library (like github) and anyone could submit a pull request to anything, then systems would have to have some way of protecting themselves from the introduction of exploits (either intentional or accidental).

So I am asking why practical infrastructure for such protection mechanisms (in terms of static analyzers and transformers) has not been built into Python, JavaScript, and C yet in order to see what people think about developing these kinds of language features.



The code that runs on the web runs in sandboxes; you do get XSS attacks, which we should guard against, but for the most part web security doesn't rely on trusted sources.

As for native, I believe there's some work being done in some fields to make it easier for users to reliably compile from source, which would give them the opportunity to scan the source (using whatever tools make sense, even MD5 hashes or similar) before compilation. IIRC the Debian project was working on improving the reproducibility of builds; you may find more of what you're looking for by searching for that project.
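
The two checks the reply above gestures at, pinning a digest of the source before building it and comparing two builds for reproducibility, as an added example that is not code from the thread or from Debian's reproducible-builds tooling. It uses SHA-256 rather than MD5, since MD5 collisions are practical and a pinned digest is only useful if an attacker cannot forge a second input for it. The source tree, the archive, and the stand-in "compiler" are all constructed in memory so the script runs offline; `fake_build` and its embedded build timestamp are a hypothetical model of how a real toolchain leaks wall-clock time into its output unless that time is pinned (the reproducible-builds convention for pinning it is the `SOURCE_DATE_EPOCH` environment variable).

```python
"""Pin-and-verify a source archive before building, then check two
build outputs for reproducibility.  Added example, not code from the
thread.  All inputs are constructed in-memory so it runs offline."""
import hashlib
import hmac
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 of a file (works for multi-GB tarballs)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_pinned_source(archive: Path, expected_sha256: str) -> bool:
    """True only if the archive matches the digest pinned beside the
    build recipe.  Anything else must abort the build before unpacking,
    since tar extraction itself is attack surface."""
    return hmac.compare_digest(sha256_file(archive), expected_sha256.lower())


def tree_digest(root: Path) -> str:
    """Deterministic digest of a directory: sorted relative paths plus
    file contents, ignoring mtimes, owners and modes.  Two build outputs
    that differ only in filesystem metadata get the same digest; any
    difference in file bytes (for example an embedded timestamp) shows
    up as a different digest, which is what a reproducibility check wants."""
    h = hashlib.sha256()
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix().encode()
            data = p.read_bytes()
            h.update(len(rel).to_bytes(4, "big") + rel)
            h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()


def fake_build(src: Path, out: Path, build_time: str) -> None:
    """Hypothetical stand-in for a compiler: output depends on the source
    and, like many real toolchains, on a build timestamp unless the
    caller pins it (cf. SOURCE_DATE_EPOCH)."""
    out.mkdir(parents=True, exist_ok=True)
    (out / "app.bin").write_text(tree_digest(src) + "|built=" + build_time)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmpdir:
        tmp = Path(tmpdir)
        src = tmp / "src"
        src.mkdir()
        # Constructed project: two files is enough to exercise the checks.
        (src / "main.c").write_text("int main(void) { return 0; }\n")
        (src / "Makefile").write_text("all: main.c\n")

        archive = tmp / "proj-1.0.tar.gz"
        with tarfile.open(archive, "w:gz") as tf:
            tf.add(src, arcname="proj-1.0")
        pinned = sha256_file(archive)  # what a maintainer would publish

        # Flip one byte of the archive to model a tampered download/mirror.
        tampered_bytes = bytearray(archive.read_bytes())
        tampered_bytes[-1] ^= 0x01
        tampered = tmp / "proj-1.0.tampered.tar.gz"
        tampered.write_bytes(tampered_bytes)

        # Build twice with the wall clock drifting: not reproducible.
        fake_build(src, tmp / "b1", "1700000000")
        fake_build(src, tmp / "b2", "1700000001")
        # Build twice with the timestamp pinned: reproducible.
        fake_build(src, tmp / "b3", "0")
        fake_build(src, tmp / "b4", "0")

        return {
            "clean_verifies": verify_pinned_source(archive, pinned),
            "tampered_verifies": verify_pinned_source(tampered, pinned),
            "unpinned_reproducible": tree_digest(tmp / "b1") == tree_digest(tmp / "b2"),
            "pinned_reproducible": tree_digest(tmp / "b3") == tree_digest(tmp / "b4"),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of separating the two checks: the pinned digest answers "is this the source I meant to build" and is only as good as the channel the pin arrived over, while the reproducibility comparison answers "does this source actually produce that binary", which is what lets a third party audit a shipped artifact instead of trusting whoever built it.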



