C++ author Bjarne Stroustrup criticized the US government, which called on developers to use "memory-safe" programming languages and avoid using vulnerable languages like C++ and C.
"I find it strange that the authors of these provisions do not notice the strong aspects of modern C++ and efforts aimed at security," noted Stroustrup in a comment for InfoWorld.
The developer pointed out, in his opinion, the strong points of C++ - the constant improvement in security level since its creation in 1979.
"Just compare the K&R C language with the oldest C++, and early C++ with modern C++. My presentation at CppCon 2023 outlines this evolution. Many quality C++ are written using methods based on RAII (Resource Acquisition Is Initialization), containers, and resource management pointers," he said.
Bjarne Stroustrup also talked about efforts to enhance the security of the programming language.
- Out of billions of lines of C++, only a few fully comply with modern standards, and people's perceptions of what security aspects are important differ. Information needs to be clarified.
- Profiles are a framework for defining what a code fragment guarantees and allowing implementations to check them. The website of the language standards committee WG21 has documents describing this. Profiles allow for gradual improvement of security. For example, quickly eliminate most range errors.
"My long-term goal for C++ is to ensure type and resource safety when and where it is needed," summarized the developer.
In a new report, the White House National Cyber Director's Office (ONCD) urged developers to use "memory-safe programming languages" and abandon tools in C or C++. The advice is a step towards "protecting the building blocks of cyberspace."
According to the government, C and C++ allow arbitrary arithmetic with pointers to direct memory addresses without boundary checking.
Comments (0)
There are no comments for now