The White House’s Office of the National Cyber Director (ONCD) previously released a report urging the tech community to proactively reduce the attack surface in cyberspace; by switching to memory-safe programming languages like Rust and avoiding vulnerable languages such as C++ and C, the report aims to reduce the number of memory safety vulnerabilities and enhance software security.
Biden: You have such memory-safe programming languages entering the U.S…Bjarne Stroustrup, the creator of C++, recently rebutted these statements from the White House in an interview with InfoWorld.“I am surprised that the authors of these government documents seem oblivious to the advantages of contemporary C++ and the efforts to provide strong safety guarantees. On the other hand, they seem to recognize that programming languages are only part of the toolchain, so improving tools and development processes is crucial.”Stroustrup pointed out that improving safety has always been a goal of C++ development. From the very first day of C++’s existence, enhancing safety has been a goal of C++. The differences can be seen when comparing K&R C with early C++ and contemporary C++.Many high-quality C++ programs are written using techniques based on RAII (Resource Acquisition Is Initialization), containers, and smart pointers, rather than traditional C-style pointer messes.Stroustrup also listed a series of efforts made to improve C++ safety.
There are two issues related to safety. In billions of lines of C++, very few fully adhere to modern guidelines, and people’s concepts of which aspects of safety are important vary. My colleagues and I in the C++ standards committee are working to address this issue.
Profiles are a framework for specifying what guarantees a piece of code requires and enabling implementations to verify them. There are documents describing this on the committee’s website (see WG21), and more documents will follow. However, some of us are not in the mood to wait for the committee’s inevitably slow progress.
Profiles are a framework that allows us to gradually improve guarantees—for example, quickly eliminating most range errors and gradually introducing guarantees into large codebases through local static analysis and minimal runtime checks.
My long-term goal for C++ has always been to provide type and resource safety when needed. Perhaps the current push for memory safety—a subset of the guarantees I desire—will aid my efforts, and many in the C++ standards committee agree with this.
Stroustrup previously praised the NSA for defending C++’s safety, but later, in a November 2022 announcement, the NSA recommended developers use memory-safe languages instead of C++ and C.
Recommendation to Abandon C/C++ to Eliminate Memory Safety Vulnerabilities
NSA: Recommendation to Switch from C/C++ to Memory-Safe LanguagesRelated Links
https://www.infoworld.com/article/3714401/c-plus-plus-creator-rebuts-white-house-warning.html
Popular Articles
– Redis is no longer “open source”– Oracle officially releases Java 22– Microsoft officially open-sources Sudo designed for Windows– Linus Torvalds: Your code is disgusting– WeChat’s new Linux version is available for download—reconstructed based on a native cross-platform solution
Quiz《Discussing Unity and Native Bridging》Participate in the Q&A for a chance to win a electric toothbrush


⬇️ Welcome to follow the OSCHINA public account