Developer pillar · Module 2 of 6

Languages and ecosystems

There’s no “best” language. Each has strengths and use cases. Here’s an honest guide to help you choose—or understand what you’re working with.

← Back to Developer Fundamentals Training

Controls stack visual kit

Reusable icons and a telemetry-to-audit diagram aligned to our fundamentals and operational guides.

Governance evidence

Use for control statements that cite ISO/IEC 42001 clause 6.3 change management, EU AI Act Articles 62–75, and SOC 2 trust service criteria.

Secure supply chain

Pair with SBOM, provenance, and intake guidance that references SPDX or CycloneDX formats, SLSA Level 3 attestations, and NIST SSDF tasks PS.3/PO.4.

Telemetry & evaluations

Highlight logging of prompts, responses, refusal rates, and safety filters alongside adversarial evaluation suites from NIST AI RMF playbooks or UK AISI guidance.

Assurance & resilience

Use for incident response and assurance artefacts that must meet OMB M-24-10 24-hour notifications, CIRCIA’s 72-hour clocks, and serious-incident duties under the EU AI Act.

Signals Controls Evidence Audit

Signals: prompt traces, supplier advisories, and safety filter activations streamed into monitoring.
Controls: guardrails, change review, SBOM validation, and access enforcement tied to AI lifecycle gates.
Evidence: runbooks that capture artefacts for ISO/IEC 42001 management reviews and SOC 2 narratives.
Audit: regulator-facing packets that satisfy EU AI Act post-market monitoring, OMB M-24-10, and CIRCIA timelines.

The languages you’ll encounter

Python

Readable, versatile, beginner-friendly. Dominant in data science, ML, and automation. Slower than compiled languages, but fast enough for most things.

Good for: Learning, data science, scripting, web backends, automation.

JavaScript/TypeScript

The language of the web. Runs in browsers and on servers (Node.js). TypeScript adds static typing. Essential if you’re doing anything web-related.

Good for: Web frontends, web backends, full-stack development.

Java

Enterprise workhorse. Verbose but reliable. Runs everywhere (JVM). Huge ecosystem. Many legacy systems use it, so there’s always work.

Good for: Enterprise apps, Android development, large-scale systems.

Go

Google’s language. Fast, simple, great for concurrent programs. Popular for infrastructure, cloud tools, and microservices. Easy to learn.

Good for: Cloud infrastructure, APIs, DevOps tooling.

Rust

Memory safety without garbage collection. Steep learning curve, but loved by those who master it. Growing in systems programming.

Good for: Systems programming, performance-critical code, security.

C/C++

Close to the hardware. Maximum performance and control. Complex and error-prone. Essential for games, embedded systems, operating systems.

Good for: Game engines, embedded systems, OS kernels.

🎯 How to choose

Pick based on what you want to build, not what’s trending. Want to do data science? Python. Web development? JavaScript. Mobile apps? Swift (iOS) or Kotlin (Android). Your first language doesn’t matter as much as getting fluent in one—concepts transfer.

Free resources

Python: LearnPython.org — Interactive tutorials
JavaScript: JavaScript.info — Modern JS tutorial
Go: A Tour of Go — Official interactive tutorial
Rust: The Rust Book — The definitive free guide

← Previous: Programming fundamentals Next: Development tools →