https://www.infoworld.com/article/3714401/c-plus-plus-creator-rebuts-white-house-warning.html Close Ad infoworld UNITED STATES * United States * United Kingdom InfoWorld Logo More from the Foundry Network * About Us | * Contact | * Republication Permissions | * Privacy Policy | * Cookie Policy | * Copyright Notice | * Terms of Service | * European Privacy Settings | * Member Preferences | * Advertising | * Foundry Careers | * Ad Choices | * E-commerce Links | * California: Do Not Sell My Personal Info | * Follow Us * * * x Close * Home * Software Development * C++ C++ creator rebuts White House warning Biden administration seems oblivious of the strengths of contemporary C++ and the efforts to provide strong safety guarantees, Bjarne Stroustrup said. * Share on Facebook * Share on Twitter * Share on LinkedIn * Share on Reddit * Share by Email * Print resource * Paul Krill By Paul Krill Editor at Large, InfoWorld | shutterstock 561382627 C++ programming language source code syntax highlighting iunewind C++ creator Bjarne Stroustrup has defended the widely used programming language in response to a Biden administration report that calls on developers to use memory-safe languages and avoid using vulnerable ones such as C++ and C. In a March 15 response to an inquiry from InfoWorld, Stroustrup pointed out strengths of C++, which was designed in 1979. "I find it surprising that the writers of those government documents seem oblivious of the strengths of contemporary C++ and the efforts to provide strong safety guarantees," Stroustrup said. "On the other hand, they seem to have realized that a programming language is just one part of a tool chain, so that improved tools and development processes are essential." Safety improvement always has been a goal of C++ development efforts, Stroustrup stressed. "Improving safety has been an aim of C++ from day one and throughout its evolution. Just compare the K&R C language with the earliest C++, and the early C++ with contemporary C++. My CppCon 2023 keynote outlines that evolution," he said. "Much quality C++ is written using techniques based on RAII (Resource Acquisition Is Initialization), containers, and resource management pointers rather than conventional C-style pointer messes." The White House in a report released February 26 called on developers to reduce the risk of cyber attacks by using programming languages that do not have memory safety vulnerabilities. C++ and C were cited as two examples of languages with memory safety vulnerabilities. A November 2022 cybersecurity information sheet from the US National Security Agency (NSA) cited C#, Go, Java, Python, and Rust as languages considered to be memory-safe. Stroustrup cited a number of efforts to improve C++ safety. "There are two problems related to safety. Of the billions of lines of C++, few completely follow modern guidelines, and peoples' notions of which aspects of safety are important differ. I and the C++ standard committee are trying to deal with that," he said. "Profiles is a framework for specifying what guarantees a piece of code requires and enable implementations to verify them. There are documents describing that on the committee's website--look for WG21--and more are coming. However, some of us are not in a mood to wait for the committee's necessarily slow progress." Profiles, Stroustrup said, "is a framework that allows us to incrementally improve guarantees--e.g., to eliminate most range errors relatively soon--and to gradually introduce guarantees into large code bases through local static analysis and minimal run-time checks. My long-term aim for C++ is and has been for C++ to offer type and resource safety when and where needed. Maybe the current push for memory safety--a subset of the guarantees I want--will prove helpful to my efforts, which are shared by many in the C++ standards committee." Stroustrup previously defended the safety of C++ against the NSA, which recommended using memory-safe languages instead of C++ and C in a November 2022 bulletin. Next read this: * Why companies are leaving the cloud * 5 easy ways to run an LLM locally * Coding with AI: Tips and best practices from developers * Meet Zig: The modern alternative to C * What is generative AI? Artificial intelligence that creates * The best open source software of 2023 Related: * C++ * Application Security * Programming Languages * Software Development Paul Krill is an editor at large at InfoWorld, whose coverage focuses on application development. Follow * * * Copyright (c) 2024 IDG Communications, Inc. InfoWorld Follow us * * * * About Us * Contact * Republication Permissions * Privacy Policy * Cookie Policy * Copyright Notice * Terms of Service * European Privacy Settings * Member Preferences * Advertising * Foundry Careers * Ad Choices * E-commerce Links * California: Do Not Sell My Personal Info Foundry Copyright (c) 2024 IDG Communications, Inc. Explore the Foundry Network descend * CIO * Computerworld * CSO Online * InfoWorld * Network World [p]