How to Make C++ Less Vulnerable and How "Secure" Languages Aren't So Secure.
bootsy writes:
Herb Sutter has an interesting article on his blog about approaches to improve security in C++ and modifying the language to assist with stopping programming errors that lead to exploits.
https://herbsutter.com/2024/03/11/safety-in-context/
There are two interesting insights. Firstly, most CVEs come from issues that could be dealt with by small changes to C++ that are being proposed.
The second is that even coding in languages with automatic memory allocation can still have massive vulnerabilities. Even code written in Rust has vulnerabilities so the language alone is not the whole problem.
In that context, I'll focus on C++ and try to:
- highlight what needs attention (what C++'s problem "is"), and how we can get there by building on solutions already underway;
- address some common misconceptions (what C++'s problem "isn't"), including practical considerations of MSLs; and
- leave a call to action for programmers using all languages.
tl;dr: I don't want C++ to limit what I can express efficiently. I just want C++ to let me enforce our already-well-known safety rules and best practices by default, and make me opt out explicitly if that's what I want. Then I can still use fully modern C++... just nicer.
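The "safe by default, opt out explicitly" idea in the tl;dr can be shown in a few lines of ordinary C++. The example below is added here and is not code from the SoylentNews story or from Herb Sutter's post; the wrapper name safe_vec, its unchecked() member, and the parse_field helper are assumptions made for the illustration. Default element access goes through std::vector::at (bounds-checked, throws std::out_of_range), while the unchecked path has to be named at the call site, so a reviewer can grep for every place the check was turned off. The length-prefixed parser shows the usual pattern: validate the untrusted length once, then use the explicit opt-out only inside the range that was just proven.

```cpp
#include <cstddef>
#include <optional>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Added example (not from the story or Sutter's post). A vector wrapper whose
// default element access is bounds-checked; unchecked access still exists but
// must be spelled out where it is used. safe_vec/unchecked/parse_field are
// illustrative names, not a real library API.
template <typename T>
class safe_vec {
public:
    explicit safe_vec(std::vector<T> v) : v_(std::move(v)) {}

    // Default: checked. std::vector::at throws std::out_of_range on a bad index.
    const T& operator[](std::size_t i) const { return v_.at(i); }

    // Explicit opt-out for code that has already proven the index in range.
    // The distinct name makes every unchecked access visible in code review.
    const T& unchecked(std::size_t i) const noexcept { return v_[i]; }

    std::size_t size() const noexcept { return v_.size(); }

private:
    std::vector<T> v_;
};

// Reads one byte through the default (checked) path; -1 signals a rejected index.
int read_byte(const safe_vec<unsigned char>& buf, std::size_t i) {
    try {
        return buf[i];
    } catch (const std::out_of_range&) {
        return -1;
    }
}

// Parses a length-prefixed string: the first byte is the length, followed by
// that many bytes. The declared length is validated against the real size
// before any read, so the loop may legitimately use the explicit unchecked() path.
std::optional<std::string> parse_field(const safe_vec<unsigned char>& msg) {
    if (msg.size() == 0) return std::nullopt;
    const std::size_t len = msg[0];                 // checked access
    if (len > msg.size() - 1) return std::nullopt;  // declared length exceeds payload
    std::string out;
    out.reserve(len);
    for (std::size_t i = 1; i <= len; ++i) {
        out.push_back(static_cast<char>(msg.unchecked(i)));  // proven in range above
    }
    return out;
}

// Constructed sample inputs (not taken from any real protocol).
const safe_vec<unsigned char> kGood(std::vector<unsigned char>{0x03, 'a', 'b', 'c'});
const safe_vec<unsigned char> kBad(std::vector<unsigned char>{0x09, 'a', 'b'});  // claims 9 bytes, carries 2
```

With kGood, parse_field returns "abc"; with kBad, the length check rejects the record before the loop runs, which is exactly the read that an unchecked loop would have turned into an out-of-bounds access.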