this post was submitted on 03 Jul 2024
47 points (80.5% liked)

Programmer Humor

19701 readers
151 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 

A shitpost about languages that generate CVEs

you are viewing a single comment's thread
view the rest of the comments
[–] rushaction 2 points 4 months ago (2 children)

... the only language where 90% of the world's memory safety vulnerabilities have occurred in the last 50 years

Yeah... That's a shit post alright.

I'm not a C developer myself, but that's just a low blow. Also, uncited ;).

[–] verstra 9 points 4 months ago* (last edited 4 months ago) (1 children)

This is an overstatement, definitely. C is one of the few (mainstream) languages where memory safety vulnerabilities are even possible. So if you batch C and C++ together, they probably cover more than 90% of all the memory unsafe cove written in last 50 years, which is a strong implication that they will contribute to 90% of memory vulnerabilities.

All that said, memory vulnerabilities are about 65% of all high implact vulnerabilities on Chromium project^1 and about 70% of vulnerabilities at Microsoft ^2.

[–] [email protected] 2 points 4 months ago

So we'd only fix 70% of vulnerabilities by switching to rust? Not enough! Better keep writing C/C++!

[–] 5C5C5C 6 points 4 months ago

Yeah the only way it would be that high is if it lumps C and C++ together. But at that point it may be an underestimate.