Go 1.18 comes with two exciting security features

It is exciting for me to see two new (security) features that will be added to Go. This will shift the language security to a new level:

  • Fuzzing as a first class citizen: after seeing the value of fuzzing and volume of hard-to-find bugs discovered (see go-fuzz), there is proposal to add fuzzing to go binary. This means you can go fuzz similar to go test.

  • Support for type parameters: Making Unsafe Behaviour Impossible is one the Defensive Programming principles that we cover in our workshops. However, implementation of the principle without phantom types is difficult and relies on third-party libraries. This proposal supersed the previous Design by Contact and can natively enforce safe behaviours (e.g. function call).

Go 1.18 will be released sometimes in early 2022.