Modern vehicles are complex, software-controlled systems. As complexity grows, however, so does the attack surface available to malicious actors. The programming languages used therefore play a special role.
A large number of different programming languages are used in the development of software for the automotive sector. But which language is best suited to meet the stringent requirements of cybersecurity?
Cybersecurity has become a key factor in the automotive industry. According to this year's industry report by Perforce, 24 percent of automotive software professionals surveyed cited the lack of necessary skills to combat security threats as their biggest challenge. Meanwhile, 22 percent identified meeting security requirements as the biggest challenge.
Security Through Standards
Standards such as ISO/SAE 21434 are crucial to ensuring the highest possible level of cybersecurity in vehicles. However, general quality characteristics of software, as defined in the ISO 25010 quality model, are also relevant for the development of automotive software, even if they are not explicitly required.
Programming languages play a crucial role in meeting these standards. They influence everything: from the level of modularity and abstraction to resilience against security vulnerabilities.
ISO/SAE 21434: Cybersecurity Engineering
ISO/SAE 21434 is an automotive standard for cybersecurity-related risk management in electronic vehicle systems. Although the standard is still relatively new, a majority of respondents (65 percent) already need to comply with it today.
The standard includes detailed requirements for software development. These include, among other things, checking the software code for inherent security risks as well as consistency, correctness, and completeness. Additionally, certain criteria must be considered when selecting the programming language, such as secure design and secure coding techniques or clear syntax and semantics.
ISO 25010: Model for Software Quality
Image 1: Main characteristics of software quality according to ISO 25010.
(Image: Perforce)
In addition, ISO 25010 defines a more general model for software quality based on eight main and 31 sub-characteristics. Here too, the programming languages used must therefore have properties that enable developers to write software that meets these criteria. Cybersecurity is one of them. However, companies need to determine how well the properties of the chosen programming language fulfill this and all other required quality characteristics. For real-time applications, functional suitability and performance efficiency are at least equally important.
AUTOSAR Platforms
AUTOSAR (short for "Automotive Open System Architecture") aims to standardize fundamental software elements, interfaces, and bus systems and make them future-proof. This is intended to help vehicle manufacturers manage the growing system complexity while keeping costs low.
The "Classic Platform API" is designed for vehicle functions with strict real-time requirements and high importance for functional safety. The interface was specified in the programming language C. The new "Adaptive Platform API," on the other hand, was specified using C++ but explicitly supports bindings to other languages.
It is therefore important to discuss the quality characteristics of popular programming languages such as Python, Java, C#, JavaScript, Go, and Rust.
An Overview of the Most Common Languages
In general, the programming languages used in vehicle manufacturing can be divided into three categories: native, platform, and interpreted languages. Each of these has specific strengths and weaknesses that make them suitable for different use cases.
Native Languages
Native languages are compiled into object code that can be executed directly on the target machine. These languages include — listed by their release dates — C, C++, Rust, and Go.
Executing natively compiled code raises concerns about functional and digital security. Program errors can lead to crashes, and security vulnerabilities can be exploited for harmful purposes. For C and C++, ISO maintains language standards that specify problematic behavior. C and C++ can exhibit various forms of undefined behavior, such as using uninitialized data, dereferencing null pointers, and buffer overflows.
Fortunately, issues like these are largely known, and coding standards such as MISRA C and MISRA C++ aim to minimize the risk of such undefined behavior as much as possible. The use of static analysis tools can also help ensure reliable adherence to coding standards.
Native languages are inherently performance-efficient. C and C++ enable optimal runtime and memory performance and therefore offer the highest level of execution control. However, this comes with the risk of faulty memory accesses, such as using memory after it has been freed ("use after free"). Coding standards provide guidelines in this area. MISRA C includes a mandatory rule prohibiting the use of dynamic memory. In C++, "Scope Bound Resource Management" (SBRM) offers a way to automate memory management.
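The points above (bounds checking, use after free, avoiding dynamic memory, and SBRM) combined in one C++ sketch. This is an added example, not code from the article or from Perforce; `FramePool`, `Handle`, `kSlots` and `kFrameSize` are hypothetical names chosen for illustration.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>

constexpr std::size_t kSlots = 2;      // constructed sizes for the example
constexpr std::size_t kFrameSize = 8;

// Statically sized pool: no new/malloc, storage lives as long as the pool itself.
class FramePool {
    std::array<std::array<std::uint8_t, kFrameSize>, kSlots> frames_{};
    std::array<bool, kSlots> used_{};
public:
    // SBRM handle: move-only, returns its slot to the pool in the destructor.
    class Handle {
        FramePool* pool_ = nullptr;
        std::size_t slot_ = 0;
        void release() { if (pool_) { pool_->used_[slot_] = false; pool_ = nullptr; } }
    public:
        Handle() = default;
        Handle(FramePool* p, std::size_t s) : pool_(p), slot_(s) {}
        Handle(const Handle&) = delete;             // exactly one owner per slot
        Handle& operator=(const Handle&) = delete;
        Handle(Handle&& o) noexcept : pool_(o.pool_), slot_(o.slot_) { o.pool_ = nullptr; }
        Handle& operator=(Handle&& o) noexcept {
            if (this != &o) { release(); pool_ = o.pool_; slot_ = o.slot_; o.pool_ = nullptr; }
            return *this;
        }
        ~Handle() { release(); }
        bool valid() const { return pool_ != nullptr; }
        // Bounds-checked copy: oversized or null input is rejected, never written.
        bool write(const std::uint8_t* data, std::size_t len) {
            if (!valid() || data == nullptr || len > kFrameSize) return false;
            std::memcpy(pool_->frames_[slot_].data(), data, len);
            return true;
        }
    };
    // Exhaustion yields an invalid handle, which every operation checks for.
    Handle acquire() {
        for (std::size_t i = 0; i < kSlots; ++i)
            if (!used_[i]) { used_[i] = true; frames_[i].fill(0); return Handle(this, i); }
        return Handle();
    }
    std::size_t in_use() const {
        std::size_t n = 0;
        for (bool u : used_) n += u ? 1u : 0u;
        return n;
    }
};
```

A moved-from or exhausted handle fails `valid()`, so a stale owner cannot reach a slot that has been handed to someone else.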
Date: 08.12.2025
The language Go was introduced by Google in 2009. Its design focuses on parallel code execution. Like C, it allows manual memory management with all the associated risks. For automatic memory management, it uses a garbage collector, which introduces nondeterminism, making it unsuitable for real-time applications.
Rust is described in the book "Rust Reference," and the Ferrocene toolchain includes a specification of the language. Rust offers an innovative dynamic memory solution based on the ownership concept. It includes rules for memory ownership that the program must follow. These rules automate memory management, similar to SBRM in C++. While this makes writing correct program code more challenging, it eliminates the need for garbage collection and is therefore suitable for real-time applications.
The recently established "Safety-Critical Rust Consortium" is working on additional guidelines for functional safety. For MISRA C, Perforce has created a subsection called "Iron Carbide," which can be applied to Rust.
There are also differences regarding the features of the individual languages. C supports only procedural programming, whereas all other languages support modern programming paradigms.
C compilers are available for almost every hardware platform. The same applies to C++ compilers. Rust is compiled into native code and uses LLVM technology for this purpose, which supports a wide range of architectures. Finally, Go is only supported on desktop platforms.
Platform Languages
A platform provides an abstraction from the machine. It contains a compiler that generates bytecode for its virtual machines. Java and Kotlin run on the Java platform using the Java Virtual Machine (JVM). C#, on the other hand, is the primary language for the .NET platform with Microsoft's Common Language Runtime (CLR).
The execution of programs is fully defined by the specification of the virtual machine. However, they operate with a garbage collector, which can lead to non-determinism. Real-time Java platforms use a deterministic preemptive garbage collector. Nevertheless, programs can still contain errors and cause security issues. Accordingly, there is a CERT Coding Standard for Java, while CWE provides lists of known weaknesses and OWASP Cheat Sheets are available for both platforms.
Kotlin is Google's central programming language for the Android platform and has replaced Java in this role. Android offers a "Native Development Kit" with advanced support for C and C++. In 2021, Rust was also added as an additional option. Kotlin has a strong similarity to Java, but interface changes often require more frequent code adjustments — negatively affecting maintainability. Kotlin is interoperable with JavaScript for use in web applications.
Java is available for common desktop and server platforms, while .NET is only really well supported on Windows.
Interpreted Languages
The two remaining languages, Python and JavaScript, are interpreted languages. Interpreters read the program line by line and execute the commands. As a result, these are the least deterministic and least suitable languages for use in real-time systems.
Python is a popular scripting language that runs slowly but is easy to write. It is often used as a bridge between fast components written in native languages. No guidelines exist for Python regarding functional or digital safety.
JavaScript is used to program the behavior of websites. In the automotive industry, some in-vehicle infotainment systems are implemented as web applications. While ECMA maintains the ECMAScript standard, many variants and extensions of it exist. The multitude of language versions, frameworks, and environments poses a challenge, as a comprehensive understanding of the operating environment is essential for applying CWE and OWASP guidelines.
Comparative Analysis
From all these observations, the suitability matrices for ISO/SAE 21434 and ISO 25010 shown in Image 2 and Image 3 emerge.
Image 2: Suitability matrix for programming languages according to ISO/SAE 21434.
(Image: Perforce)
The suitability of individual programming languages depends on the "Safety Integrity Level" of the respective project. Projects where functional safety is central may require a certified toolchain, which drastically reduces the options.
C remains a good choice for simple applications in environments with limited hardware and strict real-time requirements.
C++ is better suited for complex frameworks with multiple layers. This includes, for example, the "AUTOSAR Adaptive Platform," whose programming interface is specified in C++.
Image 3: Suitability matrix for programming languages according to ISO 25010.
(Image: Perforce)
Java is suitable as a language within Java frameworks such as Android or in real-time environments where a real-time JVM is used.
Kotlin is also suitable for use in Android. However, the language is less stable than Java and its real-time support is more limited. On the other hand, it integrates better with JavaScript for in-vehicle infotainment applications.
C# is ideal for .NET, but this platform is not used in vehicles.
Python is suitable for only a few contexts; overall, there are more fitting alternatives. JavaScript, on the other hand, is indispensable for web user interfaces used in in-vehicle infotainment systems.
Finally, Rust offers the strongest characteristics for functional safety and is gaining increasing support, especially as more guidelines are being developed and toolchains are being certified.
Language Choice as a Strategic Decision
As the industry continues to evolve, the tools and practices used must also adapt. The choice of programming language is not just a technical matter. Rather, it is a strategic decision that has immediate impacts on the functional and digital security as well as the long-term maintainability of the program code. Such considerations must therefore be included in the language selection from the very beginning. (sg)
*Dr. Frank van den Beuken is a Principal Technical Support Engineer at Perforce Software.