C# Versus VB.NET

I got a question from a friend of mine whose organization is moving to use .NET as their main development platform.  She was curious if they should have their developers use C# or VB.NET or should allow them to choose on their own.  Here was my answer:

We do almost all of our .NET development using C# because it has a more C/C++/Java style syntax that we find to be more clear and conducive to building and maintaining large-scale applications. Because the language is more structured the compiler is pickier about syntax. That makes it is little harder to write code until you get the hang of it because the compiler complains if lines of code don’t end in ; characters and so on. That is a good thing, though, because in the end that should result in more bugs being found by the compiler rather than slipping through to the released software.

 One of the big changes that was forced on developers moving from ASP classic (using VBScript) and ASP.NET was that ASP classic was “object based” and .NET is fully object oriented from the ground up. VB.NET was provided as an “easy” language that helped transition developers from ASP classic to ASP.NET. Really though the conceptual shift of moving from an object based environment to an object oriented environment is a bigger jump than any specific language syntax. If you are making the jump to retrain folks to develop in an object oriented environment go ahead and train them on a real object oriented language. I have found VB.NET’s syntax to be really unclear and kind of sloppy so I am not really a big fan.

 Assemblies (.DLLs) written in VB.NET (or any other .NET language) can interoperate with no problems with assemblies written in C# so it is possible to share components between projects written in VB.NET and C#. However if developers will have to work on the code from both projects it is probably best to have them all in the same language. Our developers have found it really hard to switch back and forth on the fly.

 One of the big benefits of the .NET platform is the huge set of APIs for doing things like file handling and network programming. These APIs are the same for all the languages because they use the same .DLL assemblies. The end result of this is that it can be really confusing to switch between VB.NET and C# because the base language syntax is different (is a ; required at the end of every line, are parenthesis required for method calls, etc) but the API calls look kind of similar. This leads to a lot of syntax errors and time spent Googling around trying to find code examples in a specific language.

 So you should probably have your folks decide on a standard language and stick to it because that will reduce confusion. And I would recommend C# as the language. It might be a little tougher for folks to learn and it isn’t initially as familiar as VBScript syntax, but that is a good thing because VBScript is a nasty terrible dirty language that should be forgotten as soon as possible :)

Am I being too hard on VB.NET?  Perhaps but I personally have never been able to get my head around the sloppy, laissez-faire syntax.  Nasty nasty nasty.

dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Categories: Information Security

Leave a Reply

Your email address will not be published. Required fields are marked *