Feds: Critical Software Must Drop C/C++ by 2026 or Face Risk (thenewstack.io)

submitted 9 hours ago by arendjr@programming.dev to c/programming@programming.dev

17 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] BlazeDaley@lemmy.world 7 points 6 hours ago

It’s one backed by a lot of data. One example is from the Android project.

The percent of vulnerabilities caused by memory safety issues continues to correlate closely with the development language that’s used for new code. Memory safety issues, which accounted for 76% of Android vulnerabilities in 2019, and are currently 24% in 2024, well below the 70% industry norm, and continuing to drop.

https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html

There’s an argument that critical infrastructure software vendors are already meeting standards for basic, non-memory related items. Yes, there are other categories, but memory safety is one that’s harder to verify. Moving to memory safe languages is an ensure a category of correctness. This excludes usage of unsafe escape hatches.

this post was submitted on 01 Nov 2024

44 points (87.9% liked)

Programming

17305 readers

210 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 1 year ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

MaungaHikoi@lemmy.nz