Improving C++

C++ guru Herb Sutter writes about how we can improve the programming language for better security.

The immediate problem “is” that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds, initialization, and lifetime language safety.

His conclusion:

We need to improve software security and software safety across the industry, especially by improving programming language safety in C and C++, and in C++ a 98% improvement in the four most common problem areas is achievable in the medium term. But if we focus on programming language safety alone, we may find ourselves fighting yesterday’s war and missing larger past and future security dangers that affect software written in any language…

Code.org Tells Court Zuckerberg-Backed Byju’s Undermines Mission To Teach Kids CS

theodp writes: Tech-backed nonprofit Code.org on Wednesday fired the latest salvo in its legal battle over $3 million in unpaid licensing fees for the use of Code.org’s free [for non-commercial purposes] K-12 computer science curriculum by WhiteHat Jr….

Next-gen AI software developer spawns and trains its own AIs

It can autonomously plan and execute thousand-step tasks. It can build and deploy entire software projects all by itself. It can research and fix bugs 7x better than OpenAI’s GPT-4, and it trains and deploys its own custom AIs to solve problems.

Transitioning to memory-safe languages: Challenges and considerations

In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like…

Can and should a penetration test report include an informational note about not having used a (by-design) memory-safe programming language?

Firstly, a quote from a good article about the importance of memory safety by memorysafety.org:

How common are memory safety vulnerabilities?
Extremely. A recent study found that 60-70% of vulnerabilities in iOS and macOS are memory safet…