by steveklabnik 456 days ago
I haven't seen conclusive evidence that this is the case. Do you happen to have an analysis of this somewhere?

Of course, C++ offers you tools that C doesn't, but some of those tools have their own sharp edges as well. Plus, many C++ codebases are "C with classes" style or similar hybrids; those are still ultimately C++ programs, not C ones.

1 comments

Counterexamples would be s2n, grpc, putty, postfix, that are either C with classes or non-PDP C. I suppose in postfix security design was an afterthought and added gradually, but at least it was thought.
I think this means you're making the opposite argument that most C++ folks do, which is that C with classes is bad, and more prone to security issues than "modern C++" is.
My argument is that C with classes is bad when it uses bad security practice, not because it must be bad.