Herb Sutter on increasing safety in C++
Herb Sutter, chair of the ISO C++ standards committee, writes about the current problems with writing secure C++, and gives his personal opinion on the next steps to address them while maintaining backward compatibility.
If there were 90-98% fewer C++ type/bounds/initialization/lifetime vulnerabilities we wouldn't be having this discussion. All languages have CVEs, C++ just has more (and C still more); so far in 2024, Rust has 6 CVEs, and C and C++ combined have 61 CVEs. So zero isn't the goal; something like a 90% reduction is necessary, and a 98% reduction is sufficient, to achieve security parity with the levels of language safety provided by MSLs [memory-safe languages]... and has the strong benefit that I believe it can be achieved with perfect backward link compatibility (i.e., without changing C++'s object model, and its lifetime model which does not depend on universal tracing garbage collection and is not limited to tree-based data structures) which is essential to our being able to adopt the improvements in existing C++ projects as easily as we can adopt other new editions of C++. - After that, we can pursue additional improvements to other buckets, such as thread safety and overflow safety.