Best Programming Languages for Automotive Cybersecurity

As the automotive industry accelerates toward increasingly connected and autonomous vehicles, the importance of cybersecurity in embedded software development has never been greater. But how should you go about choosing the right programming language for automotive cybersecurity? 

This blog explores how programming language choice impacts cybersecurity and software quality in automotive systems and evaluates the suitability of eight popular programming languages — C, C++, Java, Kotlin, Python, C#, JavaScript, and Rust — within the context of AUTOSAR platforms and safety-critical development. 

Static Analysis Free Trial

Automotive Security Standards Considerations 

Modern vehicles are complex, software-driven systems. With this complexity comes a growing attack surface, making cybersecurity a top priority. In Perforce's annual Automotive Software Development Report, security is among the top three concerns among developers year after year. 

To address these challenges, developers are required to align with standards like ISO/SAE 21434, which governs cybersecurity engineering for road vehicles. General software quality characteristics, as defined by the ISO 25010 quality model, that are not required are still relevant for automotive software. However, 22% of report respondents in 2025 noted how difficult and time-consuming it was to fulfill security requirements for such standards. 

That's why it's so important to take standards requirements into account when choosing a programming language for automotive cybersecurity. Programming languages play a pivotal role in meeting these standards, influencing everything from modularity and abstraction to resilience against vulnerabilities. 

ISO/SAE 21434: Cybersecurity Engineering

ISO/SAE 21434 is a relatively new automotive standard for cybersecurity risk management in road vehicle electronic systems. Despite its recentness, most of those surveyed in the Perforce Automotive Software Development Report 2025 are required to comply with ISO/SAE 21434 (79%). 

The standard specifies requirements for software development including analysis to check for inherent weaknesses and the overall consistency, correctness, and completeness with respect to cybersecurity requirements. It includes criteria to be considered when selecting a programming language such as secure design and coding techniques and unambiguous syntax and semantic definitions. 

In addition, it has language criteria that are not addressed by the language itself. 

This can be accomplished in different ways. The most common way is to use a coding standard which defines a safe subset of the language. MISRA C is used the most for C. MISRA C defines the essential type system to prevent problems related to implicit type conversion in C. This is an example of strong typing. 

You can easily check coding standards compliance with static analysis tools like Perforce QAC and Klocwork. 

For our comparison, we will use the following terms to summarize programming language properties. 

Language covers the quality of the language standard. It captures whether syntactic correctness and semantics are clearly specified for any program. 

Features determine the richness of the language. There can be support for modern programming paradigms, which facilitate writing safe and secure software. 

Guidance shows the availability of documentation and tools supporting the language. This includes coding standards and static analysis tools. 

Integration is the ease with which programs can interact with programs written in other programming languages. 

Resilience is about the availability of methods to guard against improper use of the language. This is a combination of protection provided by the language toolchain and static analysis tools. 

ISO 25010: Software Quality Model 

ISO 25010 defines eight quality characteristics and 31 sub-characteristics. 

Programming languages need to provide features so that developers can produce software that has these characteristics. 

Security is one of the characteristics, but we need to establish for all quality characteristics how well they are supported by programming language features. For real-time applications, Functional Suitability and Performance Efficiency are just as important. 

In addition, for automotive projects, Maintainability is important because of the high degree of component re-use, and Portability to be able to easily support new hardware. 

AUTOSAR Platforms 

AUTomotive Open System ARchitecture (AUTOSAR) aims to standardize and future-proof basic software elements, interfaces, and bus systems to help vehicle manufacturers manage growing system complexity while keeping costs down. 

The Classic Platform API, intended for vehicle functions with strict real-time requirements and safety criticality, is specified using the C programming language and the new Adaptive Platform API for connected and autonomous driving, using C++. However, the Adaptive Platform explicitly supports the insertion of other language bindings. We will consider the other popular programming languages — Python, Java, C#, JavaScript, Go, and Rust — and discuss their quality characteristics and how weaknesses can be mitigated.

Language Evaluations 

Native Languages 

Native languages are compiled to object code that can be executed directly on the target machine. In order of date of initial release, the languages are C, C++, Rust, and Go.

C and C++

There are safety and security concerns with native execution; program errors can result in crashes, and security vulnerabilities may be exploited. For C and C++, ISO maintains language standards. The language standards specify problematic behaviors. C and C++ can exhibit many forms of undefined behavior (for example, use of uninitialized data, null pointer dereferences, or buffer overruns). 

Fortunately, these problems are well understood, and coding standards and guidelines like MISRA C and MISRA C++ exist to mitigate against undefined behavior. Static analysis tools such as Perforce QAC and Perforce Klocwork can be used to enforce coding standards. 

Native languages are inherently performance efficient. C and C++ provide the highest degree of control over execution, enabling optimal runtime and memory performance. However, this comes with the risk of memory access errors, such as use after free. Coding standards provide guidance in this area. MISRA C has a required rule that forbids the use of dynamic memory. In C++, Scope Bound Resource Management is a way to automate memory management. 

Go

The Go language was released by Google in 2009. Its design has an emphasis on concurrent execution. It allows manual memory management like C with the associated risks, or automatic memory management using a garbage collector that adds non-determinism, making it unsuitable for real-time applications. 

Rust

The Rust Reference is a book that describes the Rust programming language. The Ferrocene toolchain includes a language specification. 

Rust provides a novel intermediate dynamic memory solution which is based on ownership. It has rules for ownership that the program must obey, which are used to automate memory management like C++ SBRM. This means that it is harder to write a correct program, but the resulting code will not need garbage collection and be suitable for real-time applications. The language rules guarantee that safe Rust code cannot have errors like null pointer dereferences, buffer overflows, and data races. For unsafe code, such guarantees cannot be given. 

The recently founded Safety-Critical Rust Consortium is working on additional guidance for safety. A subset of MISRA C that is applicable to Rust has been created by Perforce and is planned for an upcoming release of Perforce QAC. 

In terms of language features, C only supports procedural programming, and all other languages support modern programming paradigms. 

C compilers are available for almost every hardware. C++ compilers are available for nearly all of those. Rust is compiled to native code using LLVM technology, which supports a wide range of architectures. Go is only supported on desktop platforms. 

Since C++ is based on C, it is possible to use C code directly in C++ programs. Because C is the oldest and least complex of the considered languages, and compilation or runtime environments for other languages are often implemented in C or C++, it is possible to integrate C code in all environments.

For C++, this is complicated by its application binary interface (ABI), which can vary, and its name mangling, but for many languages solutions exist. 

Rust works very well with C, and support for C++ is available. The Rust Foundation has started a C++/Rust Interoperability Initiative to develop a mature, standardized approach for C++. 

Go does not support direct calling of functions written in C or C++, but solutions exist to generate wrappers for this. These wrappers depend on the Go compiler that is used. 

Platform Languages

Java and Kotlin

A platform provides an abstraction of the machine. It has a compiler that produces bytecode for its virtual machine. Java and Kotlin operate on the Java platform with the Java Virtual Machine (JVM). C# is the primary language for the Microsoft.NET platform with the Common Language Runtime (CLR). 

Execution of programs is fully defined by the specification of the virtual machine. However, they come with a garbage collector which can cause non-determinism. Real-time Java platforms exist with a preemptive garbage collector that is deterministic. Programs can still have bugs and security issues, though, so we recommend following the CERT coding standard for Java as well as CWE, which provides weakness lists, and OWASP, which provides cheat sheets for both platforms. 

Kotlin has been appointed by Google as the main programming language for the Android mobile platform. (Previously, Java was the main language.) Android has a Native Development Kit that includes mature support for C and C++, and Rust was added as an option in 2021. 

Java is available for common desktop and server platforms. .NET is only supported well on Windows. 

In terms of integration, the platforms can support different approaches. The JDK provides the usual type of integration where the platform provides a C API for a native programming language (jni.h), so that native code can interact with the VM. .NET Framework also supports this type of integration. However, .NET provides compilers for many different programming languages, and these components can interact directly in the source code. It is also important to consider that languages can have subtle semantic differences. In the same way that Java and Kotlin can interact directly in the JVM, there are again subtle differences such as Kotlin's better null safety, that must be considered. 

Finally, .NET Framework provides support for interoperation with COM libraries, and Python.NET provides interoperability between Python and all .NET languages. 

Interpreted Languages

The remaining two languages, Python and JavaScript, are interpreted languages. Interpreters read the program by line and execute the commands. This makes them the least deterministic and least suitable for use in real-time systems. 

Python

Python is a popular scripting language that runs slowly but is easy to write. It is often used as a glue between fast components written in native languages. This type of integration is on the system level, i.e. system calls to other executables are performed. On the language level, Python provides a C API to write C code that runs in and interacts with the Python interpreter. Python's popularity is partly explained by the availability of efficient packages that use native code for common tasks such as parsing XML. 

JavaScript

JavaScript is the language for the behavior of web pages, and there are automotive In-Vehicle Infotainment (IVI) systems that are implemented as web applications and use JavaScript. ECMA maintains the ECMAScript standard, but many variations and extensions exist. The myriad of language versions, frameworks, and environments can be challenging, so it is important to have a complete understanding of the operating environment so that guidance from CWE and OWASP can be used. 

For browser-focused interoperability, WebAssembly can compile various programming languages to object code that can be executed efficiently in the web browser. 

Comparative Analysis 

You can see what we've observed from the previous sections summarized below in the following suitability matrixes for ISO/SAE 21434 and ISO 25010. 

ISO/SAE 21434 Suitability

Key: ++ = highly suitable / + = suitable / o = neutral / - = unsuitable / -- = highly unsuitable

ISO 25010 Suitability 

Key: ++ = highly suitable / + = suitable / o = neutral / - = unsuitable / -- = highly unsuitable

Determining Language Suitability for Automotive Cybersecurity

Suitability depends on the Safety Integrity Level (SIL) of the project. For safety-critical projects, a certified toolchain may be required, which drastically reduces the options. 

• C remains a good choice for simple applications in environments with limited hardware and strict real-time requirements.
• C++ is a more suitable choice in complex layered frameworks, like the AUTOSAR Adaptive Platform, whose API is specified in C++.
• Java is suitable inside Java frameworks like Android or in real-time environments when a real-time JVM is used. Kotlin is also suitable for use in Android, but is less stable than Java and has less real-time support — but it does integrate better with JavaScript for IVI applications.
• C# is suitable for .NET, but that platform is not used in cars.
• Python will only be suitable in a few contexts, and more suitable alternatives exist.
• Javascript is essential in web user interfaces that are used in IVI.
• Rust offers the strongest safety guarantees and is gaining traction, especially with emerging guidance and certified toolchains. 

As the automotive industry evolves, so must our tools and practices. Language choice is not merely a technical decision — it is a strategic one that directly impacts safety, security, and long-term maintainability. 

Improving Automotive Cybersecurity with Perforce Static Analysis for C, C++, C#, Python, Java, JavaScript, and Kotlin 

Perforce Static Analysis tools, QAC and Klocwork, keep software quality high by detecting cybersecurity vulnerabilities as the code is being written. 

QAC and Klocwork also enforce security standards like ISO 21434 and flag any rule violations for safety-critical coding standards like MISRA. 

Choosing the right static analysis tool is just as important as choosing the right programming language for automotive cybersecurity. 

See for yourself how Perforce Static Analysis can help improve automotive cybersecurity. Register for your free trial today! 

Sign Up for Your Free Trial