The creator of C++ criticized the imposition of safe programming languages

Bjarne Stroustrup, the creator of the C++ language, published objections to the findings of the NSA report, which recommended that organizations move away from programming languages such as C and C++, which leave memory management to the developer, in favor of languages such as C#, Go, Java, Ruby, Rust, and Swift that provide automatic memory management or perform memory-safety checks at compile time.

According to Stroustrup, the secure languages mentioned in the NSA report are not actually superior to C++ in the applications that are important from his point of view. In particular, the C++ Core Guidelines, which have been developed in recent years, cover safe programming methods and prescribe the use of tools that guarantee safe work with types and resources. Developers who do not require such strong security guarantees remain free to continue using older development methods.

Stroustrup believes that a good static analyzer that complies with the C++ Core Guidelines can provide the necessary security guarantees for C++ code at a much lower cost than switching to new secure programming languages. For example, most of the Core Guidelines are already implemented in the static analyzer and memory-safe profile from Microsoft Visual Studio. Some of the recommendations are also taken into account in the clang-tidy static analyzer.

The NSA report also focused on memory issues, leaving unaddressed many other programming language issues that affect security and reliability. Stroustrup sees security as a broader concept, the various facets of which can be achieved by a combination of coding style, libraries, and static analyzers. To control which rules for type and resource safety are enabled, it is proposed to use annotations in the code and compiler options.

In applications where performance is more important than security, this approach allows for the selective use of tools that guarantee security only where it is needed. Security enhancement tools can also be applied partially, for example by limiting enforcement to the range-checking and initialization rules first, and then gradually adapting the code to more stringent requirements.
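What the range-checking and initialization rules mentioned above change in practice, as an added C++ example (not code from Stroustrup, the Core Guidelines or the original article). `CheckedView`, `Record`, `parse_record` and the one-byte length-prefixed format are hypothetical names constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical bounds-checked view: every access is validated against the extent.
class CheckedView {
public:
    CheckedView(const std::uint8_t* data, std::size_t size) : data_(data), size_(size) {}
    std::size_t size() const { return size_; }
    std::uint8_t at(std::size_t i) const {
        if (i >= size_) throw std::out_of_range("CheckedView::at");
        return data_[i];
    }
    CheckedView subview(std::size_t offset, std::size_t count) const {
        if (offset > size_ || count > size_ - offset) throw std::out_of_range("CheckedView::subview");
        return CheckedView(data_ + offset, count);
    }
private:
    const std::uint8_t* data_;
    std::size_t size_;
};

// Constructed record format: one length byte followed by that many payload bytes.
struct Record {
    std::size_t length = 0;  // initialization rule: no member starts indeterminate
    std::string payload{};
};

// The unchecked equivalent would copy buf[0] bytes starting at buf + 1 and
// read past the end of a short buffer; here the same request throws instead.
std::optional<Record> parse_record(const std::vector<std::uint8_t>& buf) {
    try {
        CheckedView view(buf.data(), buf.size());
        Record r;
        r.length = view.at(0);
        CheckedView body = view.subview(1, r.length);
        for (std::size_t i = 0; i < body.size(); ++i) r.payload.push_back(static_cast<char>(body.at(i)));
        return r;
    } catch (const std::out_of_range&) {
        return std::nullopt;  // truncated or empty input is rejected
    }
}

int main() {  // constructed input: claims 200 payload bytes, carries 2
    return parse_record({200, 'a', 'b'}).has_value() ? 1 : 0;  // exits 0: rejected
}
```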

Source: opennet.ru
