, Bass wrote

I don't buy the types as safety argument. Types are a very, very poor code contracts. You can enforce contracts in dynamic languages too. Also, immutability.

You can, but experience shows that most people using dynamic languages don't use the time they gain by writing faster code to write better unit tests and other contracts.

Type safety is a ubiquitous set of basic unit tests on your code that are hard to opt out of. Indeed - Spec# goes further and tries to build even better contracts into the language, essentially going the complete other direction away from dynamic langauges.

I don't really believe type problems cause many bugs

SQL injections, type-confusion attacks, XSS injections, code execution flaws, eval inclusions, arbitrary file upload vulnerabilities and SOAP injections are all special cases of bugs caused by types getting confused.

So yeah, type confusion bugs are a big real world problem.

I'm not saying that static languages fix all your problems. It's possible to make really bad logic bugs in static languages, but the types fix lots of the basic typos or knock-on problems caused by refactoring internal functions.

You need unit tests and security reviews for code written in static languages and in dynamic languages, but in the absense of formal security procedures and unit tests, dynamic languages tend to come out vastly worse in security and correctness reviews.