CISA and FBI recommends all critical software to not be implemented in C/C++ by 2026
CISA and FBI recommends all critical software to not be implemented in C/C++ by 2026
This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs).
Rust lobbyists winning
You're viewing a single thread.
Which do you think happened?
-
Honest appraisal of C++ security problems
-
They figured out some security hole in C++ programs that makes them even worse than we thought
-
Some contractor bribed them to say this so that they can get contracts porting stuff to Rust
-
Some contractor dug up new legitimate security holes in C++ programs so they can convince the FBI to say this so they can get contracts porting stuff to Rust
-
High ranking FBI officials are rust fanboys
I think contractor bribes, but I think that last two are fun.
All wrong! It's because Rust is WOKE!
Thank god President Trump will revert everything to C, none of this woke stuff, Make Software Spaghetti Again!
C is for liberals, real patriots use Assembly
Make Software Spaghetti Again!
It's just the obvious thing. C and C++ don't have safeguards against dangerous programming mistakes. Programming languages exist that do. There are to this day still software vulnerabilities being caused by subtly incorrect code that C and C++ require being treated as legitimate.
Permanently Deleted
The difference here is that it takes discipline and training to use only those parts of C++. That requires humans in the loop to enforce those decisions. Humans are fallible.
If you make it impossible at the language level then there's nothing to train. You just can't do the thing unintentionally.
And they didn't specify Rust; the aerospace industry has been using Ada for decades when it comes to mission critical stuff. Ada's compiler has long had a similar notoriety to rust's regarding the difficulty curve.
My guess would also be that most enterprises prefer Ada over Rust, because Rust lack standardisation. Sometimes you need to do unsafe things though and your billion dollar rocket explode.
-