Why Security-Aware Systems Coders Should Learn Haskell
Haskell teaches you what is difficult to learn in systems coding languages: correctness, concurrency, and parallelism--all needed for Fintech.
Why would I, The Systems Coder, be recommending the Haskell programming language?
If you are a fintech developer or are a systems coder interested in avoiding security bugs, listen up: Haskell solves a massive pain point in fintech: costly logic bugs, not security bugs, that cost millions of dollars.
What do you mean by logic bugs? Functional correctness is the concept that a software function behaves as expected for all input cases. We all strive to make our code functionally correct when we program to varying degress of success. And yes—your choice of coding language will affect how quickly you code your software correctly.
The stronger a type system is the faster the compiler will detect errors in your code on your behalf. A strong type system is one that is strict on how variable of different data types can be used to perform a task. The stricter the language is about this the faster the compiler catches an error in your code. It also matters that the programming language is static which means that you cannot change the data type of the value a variable stores once the variable is initialized.
So a strong, static type system is critical to detect bugs in your code early in your software’s history. Haskell has an even stronger static type system than Rust. Yes, even moreso than Rust. There is a saying across Haskell circles that if your code compiles there is a good chance it is correct. Although not literally true it is on average truer in Haskell than in any other language I have researched.
I admit I have never heard of costly logic bugs as a business point until a few days earlier. I have heard of security bugs as a pain point. Not logic bugs. Have you?
Well, costly logic bugs in code are a major pain point in the fintech industry for a simple reason.
When you translate math equations to software you have to make sure the software is correct. If not a simple calculation error can cause millions of dollars.
That’s why fintech companies like Mercury, Standard Chartered, and Barclays have all invested in building technology in Haskell to avoid this.
That one pain point, costly logic bugs, is what fuels demand for Haskell use in the fintech industry. And I see no reason to believe that will change in the future. Even Rust does not have as strong and static type system as Haskell does.
It took me over 12 years to finally find a business pain point that would make learning Haskell truly worth it. This is it. Haskell is a great choice for production systems in fintech—saving money in development and in fees to pass regulatory compliance.
This is going to be one amazing journey.
Boost Your Critical Thinking Skills
Haskell is not only well known in the fintech industry it is also well known for advancing your problem-solving skills in software development. You will get better at recursive programming, data structures, and algorithms when you pick up a functional language in general. Recursion is easier to master in a functional programming language in general than an imperative one.
What’s great about Haskell is that it offers awesome documentation on how to make your garbage-collected more efficient, correct, and secure: purely functional data structures. A great book on this is Purely Functional Data Structures by Chris Okasaki. And now that I have the intention of picking up Haskell for quantitative finance—it makes sense that I read that. It will make it much easier to develop code that uses concurrency and parallelism—which are hard to get right in imperative languages like C/C++. That’s why banks use the Software Transactional Memory library that comes with Haskell—it implements those purely functional data structures for you and is used by real fintech industries like Mercury Bank.
So if you have ever been frustrated by recursive concepts and are looking for an intellectual challenge and an enlightening journey that is useful in fintech—Haskell is your choice!
Why Haskell for Security-Conscious Developers
Why would a systems coder heavily interested in software security get interested in Haskell. If you are interested in building a career helping companies avoid security bugs you have to find a viable career path to monetize it.
Some people care about detecting bugs in systems programming codebases more than web applications like myself. I find systems programming codebases much more interesting than webapps.
Well, there are only two ways I found to do that. Either you make a static analysis security testing tool like Semgrep or you make software that mathematically proves security bugs are absent like TrustInSoft. If you are developing cryptographic software you have to use a proof-assist language like F* to manually prove the code is secure—which is an immense, bigger hassle. Both options have serious issues for people that wish to launch a career that requires simple self-study.
Making a static analysis security testing tool like Semgrep can get dull: you have to manually add parsing rules to the engine to detect vulnerability patterns in software. This can become a chore to do after you get good at parsing.
If you have ever done recursive parsing before you can imagine how repetitive this gets. After the first few projects its the same techniques applied repeatedly to add detection for new vulnerability patterns. That, and those static analysis security testing tools waste developer time when they make false bug reports.
If you want serious accuracy you can go down the formal methods route. Bad news for self-learners: you will have to get advanced credentials and go through the hassle of getting your software certified before you can sell it to safety-critical industries such as US Government agencies. All of that prevents your business model from being scalable. It doesn’t help that there are very few books in the market to learn abstract interpretation—the technique behind companies like TrustInSoft that automatically prove the absence of bugs in codebases.
So I went back to the drawing board and paid attention to the next best option: learning a new language with a static, strong typing system. I always wanted to learn a functional language to master recursive-based programming—something that imperative will never help you fully grasp. I didn’t just want to learn a language like Java or Rust. I wanted to learn a language that offers to help me master CS concepts hard to master elsewhere. Learning a programming language for production is an intense investment of your mental energy and I expect the community, books, and language will make me a more effective coder at the end of the journey.
After some research I settled with Haskell since it is clear it resolves the fintech pain point of saving money from logic bugs. Although not a security bug in the strict sense of the word it is similiar to resolving security bugs in spirit—we don’t want anyone to get hurt due to unexpected side effects.
That’s why I would argue security-conscious developers that self-study computer science on their own to invest in Haskell for fintech: its a great career path to exercise your secure-coding skills in an industry that values it—yes even over speed in niche cases. Easy for self-study and your best opportunity to financially profit from it whether as a career or even as a financial investment that can scale for real.
Your systems coding skills will not go to waste in fintech either. Even fintech has to care about performance when expressing certain mathematical formulas. For those cases C++ is the language of choice to complement your Haskell-correct code.
My two-cents for every security-conscious systems coder that wishes to monetize their interest: Learn Haskell for Fintech!


