[LINK] Safe C++ Extensions proposal for Five Eyes, White House etc

Stephen Loosley stephenloosley at zoho.com
Mon Oct 21 17:46:51 AEDT 2024


The empire of C++ strikes back with Safe C++ blueprint

You pipsqueaks want memory safety .. we'll show you memory safety! We'll borrow that borrow checker

By Thomas Claburn Mon 16 Sep 2024 (snipped..)  https://www.theregister.com/2024/09/16/safe_c_plusplus/


After two years of being beaten with the memory-safety stick, the C++ community has published a proposal to help developers write less vulnerable code.

The Safe C++ Extensions proposal aims to address the vulnerable programming language's Achilles' heel: the challenge of ensuring that code is free of memory safety bugs.

"This is a revolutionary proposal that adds memory safety features to the C++ programming language," Vinnie Falco, president and executive director of the C++ Alliance, said Thursday. "This collaboration marks a significant milestone in the C++ ecosystem, as the need for safe code has never been more pressing."

It has never been more pressing because for the past two years, private and public sector organizations have been pushing programmers to write new applications and rewrite old ones in memory safe languages such as C#, Go, Java, Python, and Swift, but particularly Rust because it is a performant low-level systems language.


Software engineer Alex Gaynor raised the issue back in 2019, noting that the majority of serious vulnerabilities in large codebases come from memory safety flaws such as buffer overflows and use-after-free. "The data bears out, over and over again, that when projects use memory unsafe languages like C and C++ they are burdened by an avalanche of resulting security vulnerabilities," he wrote.

Memory safety subsequently became a common subject of discussion in academic papers and at technical conferences. By September 2022, Microsoft Azure CTO Mark Russinovich called for deprecating C and C++ and adopting Rust.

A few months later, the NSA took a similar position. By 2023, memory safety had become a mainstream topic, covered by Consumer Reports.

Those involved with C++ became defensive. Two years ago, in response to Russinovich's call to dump C/C++, C++ creator Bjarne Stroustrup told The Register: "We can now achieve guaranteed perfect type and memory safety in ISO C++."

Yet that claim was met with some skepticism. Josh Aas, co-founder and executive director of the Internet Security Research Group (ISRG), which oversees a memory safety initiative called Prossimo, last year told The Register that while it's theoretically possible to write memory-safe C++, that's not happening in real-world scenarios because C++ was not designed from the ground up for memory safety.


The Safe C++ Extensions proposal aims to address that criticism and to respond to public sector demand for memory safety from the NSA and the other Five Eyes intelligence agencies, the US Cybersecurity and Infrastructure Agency (CISA), the White House, and DARPA.

..continued

