this post was submitted on 21 Mar 2024
31 points (97.0% liked)

C++

1775 readers
1 users here now

The center for all discussion and news regarding C++.

Rules

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 8 months ago* (last edited 8 months ago) (1 children)

C++ can be written to be safe. I don't think WH is the right authority to issue this warning. Naming C++ rather than going after specific features is unfair.

That said, writing safe C++ requires a good training, and I've seen many colleagues who don't / can't write safe C++. I don't think my company has the skill. I don't think I can fix my company. Also, the safety in C++ breaks down the moment someone links to an unsafe library. C++ does not really offer language support for analyzing what's safe and what's not.

We all knew Stroustrup was going to defend C++. I have read him do so a few times in the past. Imho he always does make a point. But I've never seen him admit any weakness. I've never seen a non-C++ dev see his comments and change their mind.

[–] lysdexic 0 points 8 months ago* (last edited 8 months ago) (1 children)

C++ can be written to be safe. I don’t think WH is the right authority to issue this warning. Naming C++ rather than going after specific features is unfair.

I suspect that the white house just received a report from some people in the industry stating that faulty software is vulnerable to attacks from bad actors, and from that basis they just went the simplistic path of arguing that 1) lots of software is written in C++, 2) that software has bugs, therefore if we don't use C++ then we won't have bugs.

As a branch of government, their role is not to evaluate technical merits of proposals but to hear what their representatives have to say.

[–] technom 3 points 8 months ago

One of their sources is the NSA, which is both mandated to make such recommendations and has the competence to do so. And as for the safety of C++, it's possible to write unsafe code in modern C++. One of the best examples is multithreaded code. Modern C++ is far safer than C or pre-C++11, but it doesn't address the entire space of memory safety.