Bjarne Stroustrup, inventor of the C++ programming language, has responded to the US National Security Agency (NSA) regarding the agency's recommendation to abandon C and C++, which leave memory management to the developer, in favour of modern programming languages (C#, Go, Java, Ruby, Rust and Swift) that provide automatic memory management or perform safe memory handling checks during code compilation.

Stroustrup urged the NSA, for its part, to first think seriously about the "security" of the new languages and only then propose something sensible on the subject.
The scientist and developer believes that the "safe" programming languages mentioned in the NSA report are not actually superior to C++ in the applications he considers important. In particular, the C++ Core Guidelines, which have been under development in recent years, cover safe programming practices and direct developers to use facilities that guarantee safe handling of types and resources. However, developers who do not require such strict security safeguards remain free to use the old development methods in their projects.
Stroustrup explained that a good static analyzer that complies with the C++ Core Guidelines can provide the necessary guarantees of C++ code security and is much less expensive than migrating to newer secure programming languages. For example, most of the Core Guidelines recommendations are implemented in the static analyzer and safe memory handling profile included in Microsoft Visual Studio. Some of the security guidelines are also implemented in the clang-tidy static analyser.
Stroustrup criticised the NSA report for focusing only on memory handling issues, leaving out many other programming language issues that affect the security and reliability of projects.
In Stroustrup's view, security must be seen as a broader concept whose various facets can be achieved through a combination of coding style, the use of proven libraries and static analyzers.
Stroustrup also suggests using annotations in code and compiler options to control which rules for the safe handling of types and resources are enabled. In his view, not everyone puts security first. For example, in applications where performance is more important than security, this approach makes it possible to apply security features selectively, only where they are needed. The security enhancement tools can also be applied partially, for example by limiting them to the scope and initialization rules at the beginning and then gradually adapting the code to more stringent requirements.
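
The difference between the old development methods and the Core Guidelines style, and the idea of switching a rule off only where it is not wanted, can be shown on one small task. This is an added example, not code from Stroustrup's response or the NSA report: the record format and function names are constructed for illustration, and clang-tidy's `NOLINT` suppression comment is used here as an existing stand-in for the annotations he proposes.

```cpp
// Added illustration: one task in legacy style and in Core Guidelines style.
// The record format (1 length byte, then payload) is constructed for this example.
#include <cstddef>
#include <cstdint>
#include <vector>

// Legacy style. clang-tidy checks that flag it:
//   cppcoreguidelines-init-variables, cppcoreguidelines-owning-memory,
//   cppcoreguidelines-pro-bounds-pointer-arithmetic
int legacy_sum(const std::uint8_t* buf, std::size_t size) {
    int total;                                    // uninitialized local
    total = 0;
    std::uint8_t* copy = new std::uint8_t[size];  // raw owning pointer
    for (std::size_t i = 0; i < size; ++i) copy[i] = buf[i];
    const std::size_t len = copy[0];              // length byte is trusted
    for (std::size_t i = 0; i < len; ++i)
        total += *(copy + 1 + i);                 // out of bounds if len > size - 1
    delete[] copy;
    return total;
}

struct SumResult {
    bool ok = false;  // false: record rejected
    int sum = 0;
};

// Guideline style: owning container, initialized members, length validated
// before any element is read.
SumResult checked_sum(const std::vector<std::uint8_t>& record) {
    SumResult result;
    if (record.empty()) return result;
    const std::size_t len = record.front();
    if (len > record.size() - 1) return result;   // declared length exceeds data
    for (std::size_t i = 0; i < len; ++i) result.sum += record.at(1 + i);
    result.ok = true;
    return result;
}

// Selective opt-out for a hot path: the caller has already validated `len`,
// and the suppression comment keeps the exception visible in review.
int hot_sum(const std::uint8_t* payload, std::size_t len) {
    int sum = 0;
    for (std::size_t i = 0; i < len; ++i)
        sum += payload[i];  // NOLINT(cppcoreguidelines-pro-bounds-pointer-arithmetic)
    return sum;
}
```

Running clang-tidy with `-checks='cppcoreguidelines-*'` over this file reports the three constructs marked in `legacy_sum` and stays silent on the suppressed line in `hot_sum`.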
Stroustrup gave assurances that security issues are not ignored in the C++ community, as that would be very damaging to many projects. At the same time, focusing solely on security makes it difficult to produce something usable and workable that projects will adopt immediately.
At the end of his response, Stroustrup suggested that in future the NSA should consult on the security of programming languages not with a hypothetical "comprehensive software development community" but with subject matter experts and specialists on the ISO C++ standards committee.
In November 2022, the NSA released a report stating that the widely used C and C++ programming languages give hackers more opportunities for exploitation. The NSA therefore recommends that organisations switch to secure programming languages such as C#, Go, Java, Ruby, Rust and Swift. According to experts, this will help prevent certain types of memory-related vulnerabilities from occurring.