White House urges developers to dump C and C++::Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.
C is not the problem, it’s sloppy “programmers” who cannot handle direct memory control and who do not understand the underlying system architecture and how a microprocessor operates. People who are good at writing C can make code just as safe as the safest Rust code.
Your take is objectively false. This issue has been studied and the conclusion every time is that real programmers make memory-related mistakes all the time. Even if there are a few superhuman programmers who never get tired, have a bad day, or misunderstand an API, firing the 99.99% of programmers who aren’t superheroes isn’t a realistic solution to anything.
I love C, but C definitely is the problem.
While one disciplined programmer can in theory write correct code, once there is a small group of even good C programmers and a code base with more than around 3000-5000 LOC, there will be bugs. There is a good reason for tools like Valgrind etc.
While I think C and C++ are the problem, I don’t think Rust is the solution, tho.
While this is technically correct, it’s tantamount to saying “just don’t make mistakes”, or arguing that a seatbelt is unnecessary because many are good enough drivers to not need it.
Languages like C and C++ do not prohibit the kinds of mistakes that the NSA told us two years ago lead to software vulnerabilities.
Other languages, like Rust, have higher guardrails built in and make it much more difficult to accidentally create the same failure modes.
If you’re an expert tightrope walker, you’re likely not gonna fall off. You can just do it without too much issue. When you’re doing it over a chasm, and you don’t plan on dying, you’d still probably prefer a harness though, wouldn’t you?
Edit: I’m not saying C is a bad language or anything, but for important applications the safety of actually memory safe languages is vital for lower-skilled programmers and still a good assistance for higher-skilled programmers, as we’re all humans and it doesn’t hurt to try and avoid the mistakes we will eventually make.
I’ll say it. C is a bad language. There was a time when it needed needed to exist and using it was a smart choice, but it has outlived its usefulness for anything but legacy code and niche use cases like FFI. It’s in essentially the same category as Cobol.
