- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.
When was the last time you’ve heard of a memory safety issue in Java code? Not the runtime or some native library, raw dogged Java.
Memory safety isn’t a silver bullet, but it practically erases an entire category of bugs.
Fair point, even log4j was running java code, not literally hijacking the stack or heap.
That being said, I’m poking fun because C and C++ have low level capabilities of which only Rust offers a complete alternative of. Most of everything else is safe because it comes packaged with a garbage collector which affects performance and viability. I think Go technically counts if you set the GC allocation to 0 and use pointers for everything, but might as well use Rust or C at that point.
I guess I’m just complaining out of all the issues ONCD could point out, they went after the very broad “memeory-safe is always better” when most of the people using C and C++ need the performance. They only offered Rust as a potential alternative in the report with nothing else which everyone already knows. Would be nice to see them make a real statement like telling megacorps to stop using unencrypted SCADA on the internet.