Crypto Gloom

Why the White House is asking programmers to avoid C & C++ | Posted by Emveep | Coins | March 2024

Crypto Market News
By Crypto Gloom

Quick overview: The White House recommends switching from C and C++ to memory-safe languages ​​like Rust, Go, or Python to improve performance. cyber security.

The White House strongly encouraged software developers to move away from using C and C++ and adopt memory-safe languages. A major reason for this push is the rampant cybersecurity threats that exploit the vulnerabilities inherent in these older languages.

C and C++ remain popular for many applications, but their performance comes at a significant cost. These languages ​​give developers direct control over memory allocation and management. This control is essential for performance, but can be a security nightmare. Errors such as buffer overflows and use-after-free bugs are common in C and C++ programs and often serve as entry points for malicious attacks.

Studies have shown that most security vulnerabilities result from memory management errors. Microsoft alone found that 70% of vulnerabilities in its products could come from vulnerabilities in C and C++ code.

Languages ​​like Rust, Go, Python, etc. are considered memory safe. It has built-in protection features such as automatic garbage collection and bounds checking. These safeguards eliminate an entire class of potential memory-related exploits. By using a memory-safe language, developers shift the responsibility for preventing many vulnerabilities onto the language itself, rather than relying solely on error-prone coding.

If memory-safe languages ​​are superior, why do we continue to rely on C and C++? Here are some key reasons:

  • Legacy code: A vast amount of critical infrastructure is built on C and C++. Rewriting everything is expensive and time consuming.
  • Performance: C and C++ are often preferred for applications where speed is most important, such as game engines and operating systems.
  • inertia: Many developers are familiar with C and C++. Learning a new language takes time and investment.

The White House is not proposing to abandon C and C++ entirely. Instead, we encourage you to use this powerful language more selectively. The focus is:

  • New developments: Whenever possible, prioritize memory-safe languages ​​for new projects.
  • Refactoring: Progressively replace or refactor critical components of existing C/C++ code with memory-safe alternatives.
  • Developer training: Promotes the benefits of memory-safe languages ​​and provides resources to advance the technology.

The White House’s call for change is essential for cybersecurity, but it is not without obstacles.

  • Legacy issues: Systems from power grids to medical devices use C/C++ code. Completely replacing these systems would be prohibitively expensive and risky, and new vulnerabilities may also arise during the transition.
  • Performance overhead: Memory-safe languages ​​sometimes incur a performance cost due to their safeguards. This is less true in newer languages ​​like Rust, but can be a problem in real-time systems or high-performance computing.
  • Developer expertise: While the community around memory-safe languages ​​is growing, the base of skilled C/C++ programmers is still larger. Training or hiring for an alternative language adds to the cost of change.
  • Ecosystem and Libraries Support for C and C++, which has been built over decades, can be much more comprehensive than support for newer languages. This makes it more difficult to rewrite existing components or find pre-built solutions.

The transition to memory-safe development is not an all-or-nothing proposition. Here are some strategies for success:

  • Prioritize new projects: When building greenfield applications, use memory-safe languages ​​by default when possible. This reduces future security burden from the start.
  • Identify critical components: Audit your existing C/C++ codebase to find the most sensitive sections that handle user data, authentication, or interfacing with external networks. Target this for refactoring or replacement.
  • Gradual adoption: Rewriting the entire system is unrealistic. Look for opportunities to add components or services developed in memory-safe languages ​​and interface with legacy code.
  • Hybrid solution: Sometimes, critical performance bottlenecks within a mostly safe application need to be written in C/C++. Special care must be taken when developing, testing, and isolating these sections.
  • Government and Industry Cooperation: Funding for open source development, code auditing, and creation of secure libraries in memory-safe languages ​​accelerates the transition process.
  • Training and Education: We encourage a learning path for both new and experienced developers to become proficient in memory-safe languages.

The White House’s guidance is a stark reminder that our increasingly connected world requires a proactive cybersecurity approach. The transition to a memory-safe language presents challenges, but it is an investment in a more secure future. Developers, organizations and the technology industry must broadly embrace these changes in a collaborative spirit. By prioritizing secure coding practices, supporting education and training, and gradually transitioning to memory-safe languages, we can build a digital infrastructure that is much more resistant to cyberattacks.

You might also like More from author