by pjmlp
2253 days ago
Unfortunately they surely do, because a large set of developers writes C++ code full of C idioms.
Which is why Google has thrown out the towel and Android 11 will require hardware memory tagging for native code, and now everything is compiled with FORTIFY enabled.
Also Microsoft research shows otherwise, https://msrc-blog.microsoft.com/2019/07/16/a-proactive-appro...
> ~70% of the vulnerabilities Microsoft assigns a CVE each year continue to be memory safety issues
So yeah, you are correct that C++ does offer the tools not to write C-like security holes. Now you just need to convince a large spectrum of companies to actually stop doing C idioms while writing C++ code.
|
That's another problem, not technical but educational. A lot of (older) programmers came to C++ passing by C and continue to use C in C++.
That needs time, education and guidelines to change that... a lot of time.
Changing mindset and programmer education is sometimes harder than changing the program itself.
> Now you just need to convince a large spectrum of companies to actually stop doing C idioms while writing C++ code.
That is already ongoing. However, do not forget that C++ has a baggage of 25 years of code pre-C++11 to upgrade before arriving there.