Expert recommends: forget C and C++ for greater security

US cybersecurity experts warn of the risks inherent in the use of C and C++, highlighting how these legacy technologies are no longer adequate for modern application security standards. Unlike newborn languages, which integrate automatic memory control systems, C and C++ entrust this task to developers with consequent possible negligence.

The risks associated with manual memory management

Efficiency and direct control are the advantages of C and C++ which, however, turn into defects when it comes to security. Manual memory management in these languages can easily result in vulnerabilities, such as the well-known buffer overflow problem, exposing sensitive software to potential malicious attacks that can compromise data and systems.

Microsoft and Google's conclusions on C and C++

Recent studies by technology giants, such as Microsoft in 2019 and Google in 2020, have confirmed that a preponderant share of software vulnerabilities derives from memory-related issues, mainly found in code written in C or C++. This statistic highlights the essential need for a shift towards more secure programming languages.

Safer languages recommended by the Office of the National Cyber Director

The US Office of the National Cyber Director recommends that developers adopt languages that promote automatic and secure memory management. These include Rust, Go, C#, Java, Swift, JavaScript, and Ruby. Rust in particular is at the center of kernel renewal projects for operating systems and browsers, as demonstrated by its growing use in critical environments.