4 comments

[ 4.4 ms ] story [ 24.2 ms ] thread
Saw this via a chain of links starting from the Let's Encrypt site.
Yet another article misleadingly treating C and C++ both as memory-unsafe languages. But there is a huge difference between them. Modern C++ code written according to strict standards (like C++ core guidelines) is much less vulnerable in comparison to C code or old-style C++ code. So in practice it may be enough to write in C++ a modern way to avoid vulnerabilities or at least greatly minimize them. Adopting a new memory-safe language may be much more harder, especially in large existing codebases.

And strictly speaking Rust isn't memory-safe, since it allows to shot the leg via unsafe blocks.