by StefanKarpinski 4166 days ago
I was talking about which is more secure. The real point is that this isn't a static vs. dynamic language issue: C and C++ are static and full of terrifying security traps; Haskell is static and it isn't. Since C and C++ are the most commonly used static languages, and they are much less secure than the most commonly used dynamic languages, it's questionable to claim – without additional elaboration – that static is more secure than dynamic.

C++, especially when using features provided by the newest standards (C++11 and C++14), cannot be likened to C in terms of security problems. In theory, yes, it's backward compatible with C so any security issues present in C can be reconstructed in C++, but using managed pointers, standard containers, RTTI and other features can considerably reduce the attack surface... but I'd argue that not a great number of applications could benefit from being written in C++ vs. some safer language.

> using [...modern C++ features...] can considerably reduce the attack surface...

I'd argue the remaining attack surface is still wide enough to drive a shuttle crawler-transporter through. Even if your core code is perfectly tricked out with best practices, you're going to inter-operate with 3rd-party APIs with C-style interfaces at some point - and that means raw pointers, rolling your own containers / RAII wrappers, etc.