New software initiative: C++ receives security upgrade through Safe Extensions

New software initiative: C++ receives security upgrade through Safe Extensions

There are always new developments in the world of programming, especially when it comes to software security. The C++ community is currently faced with the challenge of more and more experts praising the advantages of other programming languages ​​that offer greater memory security. To counteract this criticism, the “Safe C++ Extensions” project was launched.

This new effort aims to address C++'s existing vulnerabilities, particularly in the area of ​​memory security. Vinnie Falco, president of the C++ Alliance, called the proposal revolutionary. In a Register report, he emphasized the importance of adding modern memory security features to C++, especially at a time when secure code is needed more than ever. In recent years, there have been frequent requests to develop new software solutions in programming languages ​​such as Rust, Go and Java, which are known for their security.

Criticism of C++ and the urge for change

As early as 2019, experts like Alex Gaynor pointed out the serious security gaps in large code bases, which are primarily caused by memory security errors. These problems are increasingly being discussed at technical conferences. Last year, there were even voices from the tech industry, like Microsoft's Mark Russinovich, who suggested ditching C and C++ altogether in favor of Rust.

Although Bjarne Stroustrup, the creator of C++, has assured that his programming language in its current form can be fundamentally memory-safe, these statements do not resonate with everyone. Critics believe that C++ was not originally designed to be memory safe, which makes it much more difficult to create memory-safe code in practical applications.

The “Safe C++ Extensions” project is now tackling exactly this challenge. It aims to meet recommendations from agencies such as the NSA and the US Cybersecurity Agency, which call for higher levels of security in software systems. Despite the many skeptics who doubt that C++ can ever be as secure as languages ​​like Rust or Swift, developers Sean Baxter and Christian Mazakas show confidence in their plan. They argue that the complete switch to Rust is often not feasible in practice because there are significant differences between the programming languages.

Innovations in programming languages

Baxter highlights that the Safe C++ project introduces new technologies to ensure memory security. One of the central innovations is “borrow checking”, which serves to avoid errors such as “use-after-free”. There will also be analyzes of initialization that are intended to increase type safety. A key advantage of this effort is that existing C++ code can continue to work while developers can gradually incorporate more secure features without having to retrain on a completely new programming language.

Overall, the creation of the “Safe C++ Extensions” shows that the C++ community is ready to evolve and respond to pressing security concerns. This paves a way to combine the advantages of C++ with the demands for higher security and to make the programming language landscape more interesting and secure. Details about the innovative approaches can be found in a report from winfuture.de.