[e4m2]

Frama-C as a bare minimum is a pipe dream.

It's a nice thought, don't get me wrong, but it's hard enough to convince people to add `-fsanitize=...` to their compiler flags. An entire separate static analysis tool with its own learning curve (and its own set of idiosyncrasies) doesn't really qualify for "bare minimum" IMO.

[pjmlp]

Thankfully the ongoing cybersecurity laws will change that mindset.

[tptacek]

No, I don't think they will.

[pjmlp]

You will be surprised.

https://www.eff.org/deeplinks/2023/05/eus-proposed-cyber-res...

[tptacek]

None of this is going to meaningfully impact C/C++ software. If it comes to pass at all, it'll be used at the margins to replace more C code with Rust.

[pjmlp]

It only needs to have money attached to code fixes.

The problem with developers that don't do consulting is that they have no idea how each hour of their work relates to product development costs.

In Germany, services companies are already required to provide security fixes free of charge and warranties.

Someone has to pay those hours.

It is no accident that Google, Apple, Microsoft always mention increasing costs with bug fixes, when pushing for writing new code in safer languages.

[uecker]

We will see. In a regulatory context, "the implementation is the spec" usually does not convince.