• Herb Sutter on increasing safety in C++

    From LWN.net@1337:1/100 to All on Tue Mar 12 19:30:05 2024

    Date:
    Tue, 12 Mar 2024 19:21:16 +0000

    Description:
    Herb Sutter, chair of the ISO C++ standards committee, writes about the current problems with writing secure C++, and his personal opinion on next steps to address this while maintaining backward compatibility.

    If there were 90-98% fewer C++ type/bounds/initialization/lifetime vulnerabilities we wouldn't be having this discussion. All languages have CVEs, C++ just has more (and C still more); so far in 2024, Rust has 6 CVEs, and C and C++ combined have 61 CVEs. So zero isn't the goal; something like a 90% reduction is necessary, and a 98% reduction is sufficient, to achieve security parity with the levels of language safety provided by MSLs [memory-safe languages] and has the strong benefit that I believe it can be achieved with perfect backward link compatibility (i.e., without changing C++'s object model, and its lifetime model which does not depend on universal tracing garbage collection and is not limited to tree-based data structures) which is essential to our being able to adopt the improvements in existing C++ projects as easily as we can adopt other new editions of C++. After that, we can pursue additional improvements to other buckets, such as thread safety and overflow safety.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/965147/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)