{"id":641732,"date":"2024-10-15T13:39:35","date_gmt":"2024-10-15T10:39:35","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-is-the-new-safe-c-proposal-and-what-do-programmers-need-to-know\/"},"modified":"2024-10-15T13:39:35","modified_gmt":"2024-10-15T10:39:35","slug":"what-is-the-new-safe-c-proposal-and-what-do-programmers-need-to-know","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-is-the-new-safe-c-proposal-and-what-do-programmers-need-to-know\/","title":{"rendered":"#What is the new safe C++ proposal and what do programmers need to know?"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a29f3f2e5e29\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a29f3f2e5e29\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-the-new-safe-c-proposal-and-what-do-programmers-need-to-know\/#Making_C_safe\" >Making C++ safe<\/a><\/li><\/ul><\/nav><\/div>\n<p><img decoding=\"async\" src=\"https:\/\/img-cdn.tnwcdn.com\/image?fit=796%2C417&amp;url=https%3A%2F%2Fcdn0.tnwcdn.com%2Fwp-content%2Fblogs.dir%2F1%2Ffiles%2F2024%2F10%2FUntitled-design-7.jpg&amp;signature=2a340e9a0ab4f6bee5c2bfcb27176eef\" \/><\/p>\n<div id=\"article-main-content\">\n                            In 2020, Google identified that more than 70% of its Chrome browser\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.chromium.org\/Home\/chromium-security\/memory-safety\">severe security bugs <\/a>were in fact caused by memory safety issues.<\/p>\n<p>\u201cThat is,\u201d the Chrome team said, \u201cmistakes with pointers in the C or C++ languages which cause memory to be misinterpreted.\u201d<\/p>\n<p>In 2022, the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.nsa.gov\/Press-Room\/News-Highlights\/Article\/Article\/3215760\/nsa-releases-guidance-on-how-to-protect-against-software-memory-safety-issues\/\">NSA weighed in<\/a> on memory safety with Neal Ziring, its cybersecurity technical director saying that \u201cMemory management issues have been exploited for decades and are still entirely too common today. We have to consistently use memory safe languages and other protections when developing software to eliminate these weaknesses from malicious cyber actors.\u201d<\/p>\n<p>That wasn\u2019t the end of the matter, however. Memory safe programming languages have continued to be under an intense spotlight. In February of this year, the US White House Office of the National Cyber Director (ONCD) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2024\/02\/Final-ONCD-Technical-Report.pdf\">issued a report<\/a> advising that all programmers should move to memory-safe programming languages.<\/p>\n<div class=\"inarticle-wrapper channel-cta\">\n<div class=\"ica-text\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/ai.live.ft.com\/?utm_source=partner-emp&amp;utm_medium=referral&amp;utm_campaign=global_partner_event-registration_prospecting_bau_2024-future-of-ai-london_core&amp;utm_term=tnw\" data-event-category=\"Article\" data-event-action=\"In Article Block\" data-event-label=\"Join the Financial Times Future of AI Summit on November 6-7\"><\/p>\n<p class=\"ica-text__title\">Join the Financial Times Future of AI Summit on November 6-7<\/p>\n<p>In partnership with TNW, the Future of AI Summit explores the cutting edge of AI innovation and how it is being scaled for success and growth.<\/p>\n<p><\/a><\/div>\n<\/div>\n<p><strong>5 jobs to discover this week<\/strong><\/p>\n<ul>\n<li>Cybersecurity Coordinator France M\/F, MBDA France, Le Plessis-Robinson<\/li>\n<li>Data Scientist (F\/H), Novencia, Lyon<\/li>\n<li>Software Architect, GDV Dienstleistungs-GmbH, Hamburg<\/li>\n<li>Software Developer, InTraffic, Utrecht<\/li>\n<li>Software Architect, Capgemini, Eindhoven<\/li>\n<\/ul>\n<p>The report pointed out that the burden of cybersecurity threat protection is currently placed on end users, and that, \u201cefforts must be made to proactively eliminate entire categories of software vulnerabilities.\u201d<\/p>\n<p>The report elaborated further, saying that, \u201cExperts have identified a few programming languages that both lack traits associated with memory safety and also have high proliferation across critical systems, such as C and C++.\u201d<\/p>\n<p>Memory safety matters now more than ever, because so much more of what we do h<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ens online. The pandemic accelerated the rapid adoption of ecommerce, online payments, and digital advertising, according to the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.weforum.org\/agenda\/2022\/04\/website-technologies-pandemic\/\">World Economic Forum<\/a>.<\/p>\n<p>As a result there are a lot more potential vulnerabilities to exploit. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/stackoverflow.blog\/2024\/03\/04\/in-rust-we-trust-white-house-office-urges-memory-safety\/\">Stack Overflow<\/a> points out that some of the biggest vulnerability events of the past were memory-safety issues.<\/p>\n<p>These include 2014\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/heartbleed.com\/\">Heartbleed<\/a>, which affected OpenSSL software allowing bad actors to steal X.509 certificates, usernames and passwords, instant messages, and emails. In 2017, the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/WannaCry_ransomware_attack\">WannaCry<\/a> ransomware attack garnered massive attention as it spread globally, infecting more than 230,000 computers.<\/p>\n<p>A new <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cdn.revolut.com\/pdf\/Revolut_Consumer_Security_Report_H1_2024.pdf\">Consumer Security and Financial Crime<\/a> Report from Revolut points to Meta platforms as the biggest source of all scams (62%) globally during the first half of 2024. Revolut identified that <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Facebook<\/a> had fraud volumes (39%) which were more than double that of WhatsApp (18%).<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Making_C_safe\"><\/span>Making C++ safe<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Memory safe languages do exist and include Rust, Go, Java, Swift, and Python. C++ is under particular scrutiny because of the amount of critical code that has been written in it.<\/p>\n<p>Given the context, it isn\u2019t so surprising that the C++ community has reacted, announcing the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/safecpp.org\/P3390R0.html\">Safe C++ Extensions<\/a> proposal in September of this year. \u200b\u200bThe work is being done via the C++ Alliance, and its president and executive director <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cppalliance.org\/vinnie\/2024\/09\/12\/Safe-Cpp-Partnership.html\">Vinnie Falco<\/a> said that this was, \u201ca revolutionary proposal that adds memory safety features to the C++ programming language.\u201d<\/p>\n<p>Falco added that: \u201cthe need for safe code has never been more pressing. With the increasing importance of software security and reliability, developers are facing mounting pressure to adopt safer coding practices. The Safe C++ Extensions aim to address this critical need by introducing novel features that prevent common memory-related errors.\u201d<\/p>\n<p>So will this fix the issue? Some critics are skeptical, and the developer from the C++ Alliance, Sean Baxter <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/safecpp.org\/P3390R0.html\">points out that<\/a>:<\/p>\n<p>\u201cThere\u2019s only one popular systems level\/non-garbage collected language that provides rigorous memory safety. That\u2019s the Rust language. Although they play in the same space, C++ and Rust have different designs with limited interop capability, making incremental migration from C++ to Rust a painstaking process.\u201d<\/p>\n<p>A number of actions are suggested to ensure performant C++ code, including prohibiting developers from writing operations that might result in lifetime safety, type safety, or thread safety undefined behaviors.<\/p>\n<p>Additionally, there are other challenges, with Baxter pointing out that, \u201cAlthough they play in the same space, C++ and Rust have different designs with limited interop capability, making incremental migration from C++ to Rust a painstaking process.\u201d<\/p>\n<p>Moving code to memory safe status will be painstaking and time-consuming, but the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.darpa.mil\/program\/translating-all-c-to-rust\">Defense Advanced Research Projects Agency<\/a> (DARPA) is seeking to bridge this gap using AI. It is developing a programmatic code conversion vehicle called TRACTOR (Translating All C TO Rust).<\/p>\n<p>It says that, \u201cthe goal is to achieve the same quality and style that a skilled Rust developer would produce, thereby eliminating the entire class of memory safety security vulnerabilities present in C programs.\u201d<\/p>\n<p><em>Ready to find your next software role? Check out The Next Web Job Board<\/em>\n                        <\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/safe-c-proposal-what-programmers-need-to-know\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In 2020, Google identified that more than 70% of its Chrome browser\u2019s severe security bugs were in fact caused by memory safety issues. \u201cThat is,\u201d the Chrome team said, \u201cmistakes with pointers in the C or C++ languages which cause memory to be misinterpreted.\u201d In 2022, the NSA weighed in on memory safety with Neal&#8230;<\/p>\n","protected":false},"author":1,"featured_media":641733,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw-blurple?filter_last=1&fit=1280%2C640&url=https%3A%2F%2Fcdn0.tnwcdn.com%2Fwp-content%2Fblogs.dir%2F1%2Ffiles%2F2024%2F10%2FUntitled-design-7.jpg&signature=5aad12ef466ab36fbdd2020cc50124ff","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-641732","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/641732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=641732"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/641732\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/641733"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=641732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=641732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=641732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}