In a world of increasing inter-connectivity, programming languages form the foundation. Did you know that the first programming language is over 100 years old and was written by a woman, Ada Lovelace? Join as us we delve into the history, evolution, and prevalance of programming languages over the years. In addition to outlining the history of languages and how each is traditionally used, you'll find information on what type of vulnerabilities are most common in programs developed in each language and which flaws are most typically fixed once discovered. History-Of-Programming-Languages-Veracode

Add this Infographic to Your Website for FREE!

Small Version

Large Version


Programming languages enable users to write programs for specific computations/algorithms.

The TIOBE index: An indicator of the popularity of various languages, based upon global numbers of engineers, courses, and third-party vendors

2013 TIOBE Index

Position Jan 2013 Position Jan 2012 Delta in Position Programming Language Ratings Jan 2013 Delta Jan 2012 Status
1 2 Up C 17.855% +.089% A
2 1 Down Java 17.417% -0.05% A
3 5 Very Up Objective-C 10.283% +3.37% A
4 4 Same C++ 9.140% +1.09% A
5 3 Very Down C# 6.196% -2.57% A
6 6 Same PHP 5.546% -0.16% A
7 7 Same Visual Basic 4.749% +0.23% A
8 8 Same Python 4.173% +0.96% A
9 9 Same Perl 2.264% -0.50% A
10 10 Same JavaScript 1.976% -0.34% A
See Source 5




The History and Influence of Programming Languages


1957 - Fortran (short for “The IBM Mathematical Formula Translating System”) General-purpose, high-level. For numeric and scientific computing (as an alternative to assembly language). Oldest programming language still used today.


1958 - Lisp (short for “List Processor”) High-level. For mathematical notation. Several new computer science topics: tree data structures, automatic storage management, dynamic typing, and self-hosting compilers


1959 - Cobol (short for "Common Business-Oriented Language) High-level. Primarily for business computing. First programming language to be mandated by the US Department of Defense.


1964 - BASIC (acronym for “Beginner’s All-purpose Symbolic Instruction Code”) General-purpose, high-level. Designed for simplicity. Popularity exploded in the mid-‘70s with home computers; early computer games were often written in Basic, including Mike Mayfield’s Star Trek.


1970 - Pascal (after French mathematician/physicist Blaise Pascal) High-level. For teaching structured programming and data structuring. Commercial versions widely used throughout the ‘80s.


1972 - C (based on an earlier language called "B") General-purpose, low-level. Created for Unix systems. Currently the world’s most popular programming language.2 Many leading languages are derivatives, including C#, Java, JavaScript, Perl, PHP, and Python.


1980 - Ada (After Ada Lovelace, inventor of the first programming language) High-level. Derived from Pascal. Contracted by the US Department of Defense in 1977 for developing large software systems.


1983 - C++ (formerly “C with Classes”; ++ is the increment operator in “C”) Intermediate-level, object-oriented. An extension of C, with enhancements such as classes, virtual functions, and templates.


1983 - Objective-C (object-oriented extension of “C”) General-purpose, high-level. Expanded on C, adding message-passing functionality based on Smalltalk language.


1987 - Perl (a language named "PEARL" already existed, so "Pearl" wasn't an option...) General-purpose, high-level. Created for report processing on Unix systems. Today it’s known for high power and versatility.


1991 - Python (for British comedy troupe Monty Python – tutorials, sample code, and instructions often reference them) General-purpose, high-level. Created to support a variety of programming styles and be fun to use.


1993 - Ruby (the birthstone of one of the creator's collaborator) General-purpose, high-level. A teaching language influence by Perl, Ada, Lisp, Smalltalk, etc. Designed for productive and enjoyable programming.


1995 - Java (for the amount of coffee consumed while developing the language) General-purpose, high-level. Made for an interactive TV project. Cross-platform functionality. Second most popular language (behind C).2


1995 - PHP ("Personal Home Page") Open-source, general-purpose. For building dynamic web pages. Most widely used open-source software by enterprises.


1995 - JavaScript (final choice after "Mocha" and "LiveScript" High-level. Created to extend web page functionality. Dynamic web pages use for form submission/validation, interactivity, animations, user activity tracking, etc.


Vulnerability Distribution on First Submission by Language

Java Rating .NET Rating C/C++ Rating
Code Quality 86% Cytographical Issues 78% Error Handling 87%
Cyptographical Issues 73% Code Quality 75% Buffer Overflow 75%
Directory Traversal 73% Directory Traversal 65% Buffer Management Errors 74%
CRLF Injection 71% Information Leakage 61% Numeric Errors 74%
Information Leakage 56% Time and State 46% Cyptographic Issues 66%
Time and State 56% Cross-site Scripting (XSS) 43% Directory Traversal 55%
Insufficient Input Validation 54% CRLF Injection 41% Dangerous Functions 51%
Cross-site Scripting (XSS) 49% Insufficient Input Validation 34% Time and State 44%
Credentials Management 44% SQL Injection 32% Code Quality 40%
API Abuse 42% OS Command Injection 23% Untrusted Search Path 27%
SQL Injection 41% Credentials Management 19% Format String 24%
Encapsulation 26% Untrusted Search Path 18% Race Conditions 23%
Session Fixation 25% Error Handling 18% OS Command Injection 20%
OS Command Injection 21% Buffer Management Errors 6% API Abuse 13%
Race Conditions 18% Buffer Overflow 6% Information Leakage 11%

Takeaways from the Above Table:

  • 1843: Ada Lovelace credited with first computer programming language; wrote an algorithm for the Analytical Engine (early mechanical computer)
  • There are 1.2M+ computer programmers and software developers in the US
    • Creator: John Backus of IBM
    • Primary Uses: Supercomputing applications (i.e. weather and climate modeling, animal and plant breeding, computational science functions)
    • Used By: NASA
    • Creator: John McCarthy of MIT
    • Primary Uses: AL development, air defense systems
    • Used By: Etsy uses Clojure, a dialect of Lisp
    • Creator: Short Range Committee (SRC)
    • Primary Uses: Business software (esp. finance and administration systems, but also banks, insurance agencies, governments, military agencies)
    • Used By: Credit cards, ATMs
    • *Fun Fact Action movie The Terminator used samples of Cobol source code for the text shown in the Terminator’s vision display.
    • Creator: John George Kenny and Thomas Eugene Kurtz of Dartmouth (SRC)
    • Primary Uses: Home computers, simple games, programs, utilities
    • Used By: Microsoft’s Altair BASIC, Apple II
    • Creator: Niklaus Wirth
    • Primary Uses: Teaching programming. Also - Object Pascal, a derivative, is commonly used for Windows application development
    • Used By: Apple Lisa (1983), Skype
    • Creator: Dennis Ritchie of Bell Labs
    • Primary Uses: Cross-platform programming, system programming, Unix programming, computer game development
    • Used By: Unix
    • Creator: Jean Ichbiah
    • Primary Uses: Dept. of Defense, banking, manufacturing, transportation, commercial aviation
    • Used By: NSTAR, Reuters, NASA, subways worldwide
    • Creator: Bjarne Stroustrup
    • Primary Uses: Commercial application development, embedded software, server/client applications, video games
    • Used By: Adobe, Google Chrome, Mozilla Firefox, Microsoft Internet Explorer
    • Creator: Brad Cox and Tom Love of Stepstone
    • Primary Uses: Apple programming
    • Used By: Apple’s OS X and iOS operating systems
    • Creator: Larry Wall of Unisys
    • Primary Uses: CGI, database applications, system administration, network programming, graphics programming
    • Used By: IMDb, Amazon, Priceline, Ticketmaster
    • Creator: Guido Van Rossum of CWI
    • Primary Uses: Web application, software development, information security
    • Used By: Google, Yahoo, Spotify
    • Creator: Yukihiro Matsumoto
    • Primary Uses: Web application development, Ruby on Rails
    • Used By: Twitter, Hulu, Groupon
    • Creator: James Gosling of Microsystems
    • Primary Uses: Network programming, web application development, software development, Graphical User Interface development
    • Used By: Android OS/apps
    • Creator: Rasmus Lerdorf
    • Primary Uses: Building/maintaining dynamic web pages, server-side development
    • Used By: Facebook, Wikipedia, Digg, WordPress, Joomla
    • Creator: Brendan Eich of Netscape
    • Primary Uses: Dynamic web development, PDF documents, web browsers, desktop widgets
    • Used By: Gmail, Adobe Photoshop, Mozilla Firefox
    • CRLF highly prevalent in Java but less so in .NET languages; doesn’t rank for C/C++
    • SQL Injection and Cross Site Scripting fairly prevalent in Java and .NET
    • Code Quality vulnerabilities very likely to occur in Java and .NET languages, less so in C/C++
    • Cryptographic issues and Directory Traversal in the Top Six for each family
    • Error Handling and Buffer Overflow common in C/C++ but much less in .NET; not ranked in Java
  • While Certain Values are more prevalent in some languages, producing secure code ultimately depends on secure development processes rather than which language is used.


    Nine Tips for Secure Programming


    1. Always check for OWASP Top Ten vulnerabilities
    2. Ensure that sensitive data is properly encoded and encrypted
    3. Use access control and permissions to protect resources and limit application/user capabilities
    4. Validate all input and output
    5. Write code that is capable of handling exceptions (errors) securely
    6. Write code that is free of hardcoded credentials or cryptographic keys
    7. Use passwords and session management practices to verify users
    8. Store data securely
    9. Implement comprehensive yet realistic security policies






About Neil DuPaul

Neil manages the blog pipeline at Veracode, often by fending off eager contributors with a stick. He manages much of the Veracode web presence while also motivating the more introspective Veracoders to be social. Lover of sports and outdoors, and a SERP enthusiast, hit him up on Twitter here.

Comments (7)

Jeremy | April 15, 2013 4:35 pm

"How will java's recent security vulnerabilities affect it's popularity?"

The vulnerabilities have been mainly in applet sandboxing right? What percentage of all that java code is run in sandboxed applets? Probably a very tiny fraction. Vulnerabilities that affected server side applications would actually matter.

In-Ho Yi | June 3, 2013 7:15 pm

No, JavaScript is not a derivative of C. It is a Lisp-like language with with C-like syntax.

Ricardo | June 10, 2013 7:57 am

I like your site! great information.

Jeffrey Fisher | June 13, 2013 12:17 am

Actually, PHP now stands for "PHP: Hypertext Preprocessor" according to

Alex | June 13, 2013 9:06 am

I think it's a bit old info, cause Twitter uses Scala and not Ruby any more, right?
Though very interesting info, thanks!

Jose | June 16, 2013 9:57 am

What about Scala ?

J. A. | December 17, 2015 6:01 pm

Great graphic but should have included COBOL creator Grace Murray Hopper, a true pioneer and a woman.

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.