C++ author Bjarne Straustrup criticized the US government, which urged developers to use «memory-safe» programming languages and avoid using vulnerable ones such as C++ and C.
«I find it strange that the authors of these resolutions do not notice the strengths of modern C++ and the efforts aimed at ensuring security», – said Strausrup told InfoWorld.
The developer pointed out what he believes to be the strengths of C++ — the constant improvement of security since its inception in 1979 to the present day.
«Just compare K&R C to the earliest C++, and early C++ to modern C++. My talk at CppCon 2023 outlines this evolution. A lot of good C++ is written using methods based on RAII (Resource Acquisition Is Initialization), containers, and resource management pointers»,” he said.
Bjarne Straustrup also spoke about efforts to improve the security of the programming language.
- Of the billions of lines of C++, only a few are fully compliant with modern guidelines, and people’s ideas about which security aspects are important differ. You need to clarify the information.
- Profiles — is a framework for defining what a piece of code guarantees and allowing implementations to verify them. On the website of the programming language standards committee WG21There are documents that describe this. Profiles allows you to gradually improve security. For example, most range errors can be eliminated relatively quickly.
«My long-term goal for C++ is that C++ will provide type and resource safety when and where it is needed», — the developer summarized.
As a reminder, a new report by the White House Office of the National Cyber Director (ONCD) called on developers to use «memory-safe programming languages» and to abandon C or C++ programming tools. This advice is a step towards «protecting the building blocks of cyberspace».
According to the government, C and C++ allow arbitrary arithmetic with pointers with direct memory addresses without checking bounds.