31
C++ creator rebuts White House warning
(www.infoworld.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 21 Mar 2024
31 points (97.0% liked)
C++
1643 readers
2 users here now
The center for all discussion and news regarding C++.
Rules
- Respect instance rules.
- Don't be a jerk.
- Please keep all posts related to C++.
founded 1 year ago
MODERATORS
Honestly his defence is rather weak. “It’s been improving and there are ways to use it safely.”
That is not to say I agree with the administration’s statement. Not only is secure code only one aspect among a myriad to consider when choosing a language, using a “safer” language does not necessarily lead to more secure code.
Yeah, I like his argument about profiles maybe going to be able "e.g., to eliminate most range errors relatively soon."
Well maybe C++ could be considered safe "relatively soon" then but not right now.
Like he says: "Of the billions of lines of C++, few completely follow modern guidelines, and peoples’ notions of which aspects of safety are important differ."
That said, I don't really consider C++ to be inherently unsafe, there's a lot that goes into secure programming in any language. Just because you can't write to an array out of bounds in python doesn't mean your code is magically immune to vulnerabilities and just because you can in C, it doesn't mean your code is magically vulnerable to RCE from some buffer overflow.
I also don't really trust myself to write perfectly safe production C++ though. I feel like it's still too easy to feel like you know exactly what you're doing and accidentally miss something small (hence the many thousands of memory safety CVEs in professional software).