Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

White House urges developers to avoid C and C++, use 'memory-safe' programming languages
Tomshardware ^ | 02 28 2024 | Les Pounder

Posted on 02/28/2024 1:41:30 PM PST by yesthatjallen

The government would prefer it if you stopped programming tools in C or C++. In a new report, the White House Office of the National Cyber Director (ONCD) has called on developers to use "memory-safe programming languages," a category which excludes the popular languages. The advice is part of U.S. President Biden's Cybersecurity strategy and is a move to "secure the building blocks of cyberspace."

Memory safety refers to protection from bugs and vulnerabilities which deal with memory access. Buffer overflows and dangling pointers are examples of this. Java is considered a memory-safe language due to its runtime error detection checks. However, C and C++ both allow arbitrary pointer arithmetic with direct memory addresses and no bounds checking.

In 2019, Microsoft security engineers reported that around 70% of security vulnerabilities were caused by memory safety issues. Google reported the same figure in 2020, this time for bugs found in the Chromium browser.

" Experts have identified a few programming languages that both lack traits associated with memory safety and also have high proliferation across critical systems, such as C and C++," the report reads. "Choosing to use memory safe programming languages at the outset, as recommended by the Cybersecurity and Infrastructure Security Agency’s (CISA).

SNIP

(Excerpt) Read more at tomshardware.com ...


TOPICS:
KEYWORDS: c; programming; whitehouse
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-68 next last
To: yesthatjallen

For the most critical systems, being safety critical embedded systems that require certification, they’re ALL based on C/C++ - you can’t use Java.

What does the WH recommend?


21 posted on 02/28/2024 2:13:06 PM PST by fuzzylogic (welfare state = sharing of poor moral choices among everybody)
[ Post Reply | Private Reply | To 1 | View Replies]

To: yesthatjallen

I guess it’s back to assembler code.


22 posted on 02/28/2024 2:14:59 PM PST by gitmo (If your biography doesn't match your theology, what good is it?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: gitmo

Back to 0s and 1s.


23 posted on 02/28/2024 2:15:41 PM PST by dfwgator (Endut! Hoch Hech!)
[ Post Reply | Private Reply | To 22 | View Replies]

To: ganeemead

But we have multi-gigahertz, multi-core processors and lithium batteries to make up for that!


24 posted on 02/28/2024 2:16:24 PM PST by Empire_of_Liberty ( )
[ Post Reply | Private Reply | To 15 | View Replies]

To: Augie

Two words-punch cards


25 posted on 02/28/2024 2:18:12 PM PST by rdcbn1
[ Post Reply | Private Reply | To 19 | View Replies]

To: pierrem15

Actually Biden himself is very fluent in Dotard++


26 posted on 02/28/2024 2:21:13 PM PST by bigbob ( )
[ Post Reply | Private Reply | To 7 | View Replies]

To: njslim

Me, assembler:-)


27 posted on 02/28/2024 2:27:19 PM PST by Harpotoo (Being a socialist is a lot easier than having to WORK like the rest of US:-))
[ Post Reply | Private Reply | To 6 | View Replies]

To: aynrandfreak

Rust is a generation if c/c++ without all of Java’s endless class nonsense.

(Still think Python’s best for one and done or experimenting.)


28 posted on 02/28/2024 2:30:29 PM PST by epluribus_2
[ Post Reply | Private Reply | To 3 | View Replies]

To: gitmo

FLI -flash lights impressively

BTX -blink twice and explode

(Program Check, core dump listing follows)


29 posted on 02/28/2024 2:32:44 PM PST by epluribus_2
[ Post Reply | Private Reply | To 22 | View Replies]

To: Augie

Many (most) of graphics card firmware drivers had Fortran transformation logic in their chips. Maybe some. Still do.

(Numerical Recipes book, classic with FØRTRAN examples)


30 posted on 02/28/2024 2:35:50 PM PST by epluribus_2
[ Post Reply | Private Reply | To 19 | View Replies]

To: yesthatjallen

I like C. It gets the job done.


31 posted on 02/28/2024 2:37:48 PM PST by ConservativeMind (Trump: Befuddling Democrats, Republicans, and the Media for the benefit of the US and all mankind.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CodeToad
Government involved with commerce is always a stupid thing.

From the people who brought you COBOL. (and Ada-83)

32 posted on 02/28/2024 2:38:41 PM PST by epluribus_2
[ Post Reply | Private Reply | To 14 | View Replies]

To: voicereason

It’s Delphi now.


33 posted on 02/28/2024 2:41:02 PM PST by Dalberg-Acton
[ Post Reply | Private Reply | To 10 | View Replies]

To: Augie

I did my first real programming in C. That’s freaking old in itself, Kernighan and Ritchie wrote the book in 1978.

DEC Vax running BSD.


34 posted on 02/28/2024 2:49:45 PM PST by buwaya (Strategic imperatives )
[ Post Reply | Private Reply | To 19 | View Replies]

To: gitmo

“I guess it’s back to assembler code.”

In which you can do anything you like with memory.


35 posted on 02/28/2024 2:51:26 PM PST by buwaya (Strategic imperatives )
[ Post Reply | Private Reply | To 22 | View Replies]

To: epluribus_2

COBOL worked great, for the things it was intended to do.


36 posted on 02/28/2024 2:52:53 PM PST by buwaya (Strategic imperatives )
[ Post Reply | Private Reply | To 32 | View Replies]

To: yesthatjallen
"However, C and C++ both allow arbitrary pointer
arithmetic with direct memory addresses and no bounds
checking."

Anyone who has learned to properly code in C and C++
knows to check for array bounds, dangling pointers and
to use garbage cleanup routines when writing procedures that
allocate memory.

37 posted on 02/28/2024 3:00:06 PM PST by StormEye
[ Post Reply | Private Reply | To 1 | View Replies]

To: yesthatjallen

Let me translate this, since I have been programming since 1978.

When you see a painting that is a work of art, and one that looks like a child’s doodle, they have one thing in common - the paintbrush. Don’t blame the paintbrush.


38 posted on 02/28/2024 3:10:37 PM PST by BereanBrain
[ Post Reply | Private Reply | To 1 | View Replies]

To: Harpotoo

“Me, assembler:-)”

Me too. RPG, Fortran, Cobol, etc....


39 posted on 02/28/2024 3:17:23 PM PST by dljordan
[ Post Reply | Private Reply | To 27 | View Replies]

To: dljordan

RPGILE Today started programming on IBM System 34.


40 posted on 02/28/2024 3:27:37 PM PST by VastRWCon (Fake News)
[ Post Reply | Private Reply | To 39 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-68 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson