Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.

White House urges developers to dump C and C++::Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.

  • OutrageousUmpire@lemmy.worldEnglish
    464·
    9 months ago

    I’m not sure what to think about this. It’s bizarre, the White House making any recommendations on programming languages.

    They’re definitely not seen as an authority in this field. Why would anyone care what recommendation they make? And so why make one at all?

    • someacnt_@lemmy.worldEnglish
      3·
      9 months ago

      There have been words around this, like how software should be safe by design, but the regulation should come from the governing entity. This is simply materialized now, but there has been momentum.

    • Mango@lemmy.worldEnglish
      43·
      9 months ago

      They can’t even figure out language for human interpretation much less computer interpretation.

  • omega_x3@lemmy.worldEnglish
    28·
    9 months ago

    Team Fortran raise up, but not too fast our old bones aren’t as strong as they used to be.

    • AA5B@lemmy.worldEnglish
      2·
      9 months ago

      Damn, it’s been like 25 years since I touched either of those. Aside from OS development, do people really do that anymore?

      • Subverb@lemmy.worldEnglish
        2·
        9 months ago

        Embedded systems developer here. If you’re programming on ARM or one of the other big microcontrollers there aren’t many well supported options. ARM’s official Keil compiler and libraries are C and C++ and I see no official movement to change that.

        They have literally decades in building those tools.

        Microsoft’s multithreaded OS ThreadX is C code. They just bought it for a large undisclosed amount in 2018. It ain’t going anywhere soon.

        AWS’s FreeRTOS is C. Not going anywhere.

        Embedded development toolchains are very slow to change.

  • Richard@lemmy.worldEnglish
    34·
    9 months ago

    C is not the problem, it’s sloppy “programmers” who cannot handle direct memory control and who do not understand the underlying system architecture and how a microprocessor operates. People who are good at writing C can make code just as safe as the safest Rust code.

    • daddy32@lemmy.worldEnglish
      2·
      9 months ago

      It is just too easy to shoot yourself in the foot when using a foot gun… Sure the experts can avoid it, but that doesn’t mean the foot gun is a good tool in general.

    • dejected_warp_core@lemmy.worldEnglish
      2·
      9 months ago

      While this is technically correct, it’s tantamount to saying “just don’t make mistakes”, or arguing that a seatbelt is unnecessary because many are good enough drivers to not need it.

      Languages like C and C++ do not prohibit the kinds of mistakes that the NSA told us two years ago lead to software vulnerabilities.

      Other languages, like Rust, have higher guardrails built in and make it much more difficult to accidentally create the same failure modes.