Bjarne Stroustrup responds to NSA recommendation and contradicts C++ classification
Bjarne Stroustrup, the creator of the C++ language, posted objections to the findings of the NSA report, which recommended that organizations move away from using programming languages like C and C++, which shift memory management to the developer, in favor of languages like C#, Go, Java, Ruby, Rust, and Swift that provide memory management automatically or perform memory safety checks at compile time.
According to Stroustrup, the secure languages mentioned in the NSA report are not really superior to C++ in the applications that matter from his point of view.
The NSA advises organizations to consider making a strategic change in the programming languages they use, from those that provide little or no inherent memory protection, like C/C++, to a memory-safe language when it is possible.
In particular, the C++ Core Guidelines, which have been developed in recent years, cover methods for secure programming and prescribe the use of tools that ensure safe work with types and resources. However, developers who do not require such strong security guarantees can continue to use older development methods.
Stroustrup believes that a good static analyzer that complies with the C++ Core Guidelines can provide the necessary security guarantees for C++ code at a much lower cost than switching to new secure programming languages.
For example, most of the Core Guidelines are already implemented in the Microsoft Visual Studio Static Analyzer and Memory-Safe Profile. Some of the recommendations are also taken into account in the clang-tidy static analyzer.
The NSA report was also criticized for focusing only on memory problems, leaving many other programming language issues that affect security and reliability unaddressed.
Unfortunately, much of C++ usage is also stuck in the distant past, ignoring improvements, including ways to drastically improve security. Now, if I were to consider any of those "safe" languages superior to C++ for the range of uses I'm interested in, I wouldn't consider the demise of C/C++ a bad thing, but that's not the case.
Bjarne Stroustrup objects to the NSA publication limiting the notion of software protection to memory protection. In fact, this focus is the common denominator of the publications that advise dropping C or C++ in favor of the Rust language, whose security guarantees several large companies (Microsoft, Amazon, etc.) recognize.
“There is no single definition of 'security,' and we can achieve a variety of security types through a combination of programming styles, support libraries, and leveraging static analysis,” he says. Bjarne Stroustrup thus suggests that what can be obtained from C++ in terms of software security depends, among other things, on the developer and, in particular, on their knowledge of the tools the language offers, their mastery of the compiler, etc.
Stroustrup views security as a broader concept, the various facets of which can be achieved through a combination of coding style, libraries, and static analyzers. To control the inclusion of rules that guarantee the safety of working with types and resources, he proposes to use code annotations and compiler options.
In applications where performance is more important than security, this approach allows selective use of tools that ensure security only where it is needed. Security enhancement tools can also be applied partially, for example by first limiting enforcement to the range-check and initialization rules, and then gradually adapting the code to more stringent requirements.
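The partial adoption described above (range checks and initialization first), as an added C++ example that is not taken from Stroustrup's note or the NSA report. The record format, sample bytes and function names are constructed for illustration; clang-tidy's `cppcoreguidelines-init-variables` and `cppcoreguidelines-pro-bounds-pointer-arithmetic` checks target the two patterns marked in the older function.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <vector>

// Constructed record format for this example: [len][len payload bytes].
const std::vector<std::uint8_t> kGood = {3, 1, 2, 3};
const std::vector<std::uint8_t> kTruncated = {5, 1, 2};  // len claims 5, only 2 present

// Older style: breaks the bounds and initialization rules.
// Only safe to call when the caller has already validated buf.
std::uint32_t sum_legacy(const std::uint8_t* buf) {
    std::uint32_t sum;                 // declared without an initializer
    sum = 0;
    const std::size_t len = buf[0];    // subscript on a raw pointer, size unknown
    for (std::size_t i = 0; i < len; ++i)
        sum += buf[1 + i];             // trusts len: reads past the end if it lies
    return sum;
}

// Guideline style: every variable initialized, every access range-checked.
std::uint32_t sum_checked(const std::vector<std::uint8_t>& buf) {
    std::uint32_t sum = 0;
    const std::size_t len = buf.at(0);     // throws std::out_of_range if empty
    for (std::size_t i = 0; i < len; ++i)
        sum += buf.at(1 + i);              // throws instead of over-reading
    return sum;
}

// True when the checked version refuses a malformed record.
bool is_rejected(const std::vector<std::uint8_t>& buf) {
    try {
        (void)sum_checked(buf);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    std::cout << "good record sum: " << sum_checked(kGood) << "\n";
    std::cout << "truncated rejected: " << is_rejected(kTruncated) << "\n";
    std::cout << "legacy on validated input: " << sum_legacy(kGood.data()) << "\n";
}
```

The older function stays usable on paths where the input has already been validated, which is the selective use the article describes.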