2,703
online users
thotties       tv/movies       gaming       gear       tech       guap       rides       eats       health       bxwf       misc

White House urges developers to dump C and C++



more
ADVERTISEMENT
 
topics gone triple plat - Number 1 spot 3X PLAT



section  1   0 bx goons and 1 bystanders Share this on Twitter       Share this on Facebook
 

section tech
  

 2 months ago '16        #1
2258 page views
57 comments


00010111  topics gone triple plat - Number 1 spot x24
avatar
Props total: 97920 97 K  Slaps total: 8850 8 K
White House urges developers to dump C and C++
 

 
The White House Office of the National Cyber Director (ONCD), in a report released Monday, called on developers to reduce the risk of cyberattacks by using programming languages that don’t have memory safety vulnerabilities. Technology companies “can prevent entire classes of vulnerabilities from entering the digital ecosystem” by adopting memory-safe programming languages, the White House said in a news release.

Memory-safe programming languages are protected from software bugs and vulnerabilities related to memory access, including buffer overflows, out-of-bounds reads, and memory leaks. Recent studies from Microsoft and Google have found that about 70 percent of all security vulnerabilities are caused by memory safety issues.

“We, as a nation, have the ability—and the responsibility—to reduce the attack surface in cyberspace and prevent entire classes of security bugs from entering the digital ecosystem but that means we need to tackle the hard problem of moving to memory safe programming languages,” National Cyber Director Harry Coker said in the White House news release.

The US Cybersecurity and Infrastructure Security Agency also urged developers to use memory-safe programming languages in a September blog post. CISA, the FBI, the US National Security Agency, and agencies from allied countries also published the report, “The Case for Memory Safe Roadmaps,” in December.

The new 19-page report from ONCD gave C and C++ as two examples of programming languages with memory safety vulnerabilities, and it named Rust as an example of a programming language it considers safe. In addition, an NSA cybersecurity information sheet from November 2022 listed C#, Go, Java, Ruby, and Swift, in addition to Rust, as programming languages it considers to be memory-safe.

About 22 percent of all software programmers used C++, and 19 percent used C as of 2023, according to Statista, making them less popular than JavaScript, Python, Java and a few others. But the TIOBE Programming Community index ranks only Python as more popular, followed by C, C++, and Java.

One goal of the new report is to shift the responsibility of cybersecurity away from individuals and small businesses and onto large organizations, technology companies, and the US government, which are “more capable of managing the ever-evolving threat,” the White House news release said.

ONCD worked with the private sector, including technology companies, the academic community, and other organizations to develop the recommendations in the report, it said. ONCD issued a request for public input on the topic in August. It also gathered comments in support of the initiative from several technology companies, including Hewlett Packard Enterprise, Accenture, and Palantir. Other software security experts also praised the report.

The ONCD report is helpful and timely, said Dan Grossman, a computer science professor at the University of Washington. While “dangers of C and C++ have been well-known for decades,” this is a good time for the White House to push for memory safety because practical and mature alternatives are now available, he said.

At the same time, changes are needed because of “the sophistication of threats from adversaries that exploit memory safety violations,” he said.

Discussions about memory safety involving the government, industry, and academic can lead to meaningful change, he added. “Naturally, many branches of the federal government are key creators and vendors for software and they can use this perspective in deciding their priority for upcoming changes to systems or new systems.”

However, a move away from C and C++ won’t happen overnight, especially in embedded systems, Grossman said. “But the use of other languages for systems software, notably Rust, has already grown significantly, and I think many people anticipate that sort of evolution accelerating rather than C and C++ development simply stopping, which still seems unimaginable in its entirety.”

Moving away from C and C++ will be a “long and difficult process,” added Josh Aas, executive director and co-founder of the Internet Security Research Group. “It takes a sustained effort to change the way people think about things, and communications like this help keep the issue of safety fresh in peoples’ minds.”

For the change to happen, the government and the private sector need to work together to make secure code a priority, Aas said.

“Ultimately, we need to write and deploy new code, but in order to get there, we need resources and we need leaders at all levels, from government to the private sector, to make it a priority,” he added. “Relevant leaders need to be made aware of the problem, and they need to know that they are going to be supported if they make solving this problem a priority.”


 https://www.infoworld.com .. p-c-and-c.html
+17   



icon
best
icon
worst
57 comments

 2 months ago '10        #2
Shhon  topics gone triple plat - Number 1 spot x3
Props total: 56080 56 K  Slaps total: 4960 4 K
🔗

0:00 - Intro
0:11 - LockBit Update
1:23 - White House recommends Rust
2:54 - Apple Quantum Safe
4:03 - Outro
+1   

 2 months ago '17        #3
dubsax  topics gone triple plat - Number 1 spot x2
Props total: 76067 76 K  Slaps total: 6432 6 K
I like Python its cool like a swiss army knife but its hackable too
the reason why its so popular is because its the backbone of many exploits.

you can write or find a python script to do damn near anything

not a programmer in the least but I do have many dev boards to make sh1t with from an orange p1 zero 3 to an airboard and all I do is cut and paste from libraries and git repositories
that sh1t doesnt go as well when dealing with C and Java
+25   

 2 months ago '11        #4
Slingy 
Props total: 14492 14 K  Slaps total: 3788 3 K
Aka stop ripping code from people on GitHub lol
+9   

 2 months ago '15        #5
Hellmatic 
Props total: 96752 96 K  Slaps total: 8386 8 K
If the government doesn't want you using it. It's probably not to help or a good cause. There's an underlying reason other than the one they're saying
+15   

 2 months ago '15        #6
METABaron 
Props total: 10668 10 K  Slaps total: 2656 2 K
Stop using object oriented programming languages that have tr@nsformed the world and technology tremendously in the years they were developed and their flexibility is the main reason they are still used as the basis for other languages today (Java, C#, etc…)

Said by the same people (White House) who mandated experimental cancer jabs, saying men can get pregnant, 3 year olds can consent to gender surgery and lets in criminal migrants by the millions.

Sure lol
+14   

 2 months ago '12        #7
Binds 
Props total: 17678 17 K  Slaps total: 1190 1 K
invest in cyber security if u wanna make some money in the future still an undervalued sector
+15   

 2 months ago '11        #8
Sin  topics gone triple plat - Number 1 spot x69
Props total: 226324 226 K  Slaps total: 29603 29 K
🔗

+9   

 2 months ago '22        #9
podcast 
Props total: 2428 2 K  Slaps total: 618 618
 METABaron said 🔗
Stop using object oriented programming languages that have tr@nsformed the world and technology tremendously in the years they were developed and their flexibility is the main reason they are still used as the basis for other languages today (Java, C#, etc…)

Said by the same people (White House) who mandated experimental cancer jabs, saying men can get pregnant, 3 year olds can consent to gender surgery and lets in criminal migrants by the millions.

Sure lol
I was kinda thinking the same thing. But you can use C sharp and play on your tablet.
+3   

 2 months ago '22        #10
92bricks9shots 
Props total: 11623 11 K  Slaps total: 1670 1 K
I hated my c++ cla$s in school lol I’m kinda tight they making it obsolete in the future
+9   

 2 months ago '07        #11
MOTTAFOOKAH 
Props total: 8681 8 K  Slaps total: 1394 1 K
Everything can be hacked, just put the talent around that can mitigate and prevent any damage
+9   

 2 months ago '04        #12
eazyvaboy  topics gone triple plat - Number 1 spot x14
Props total: 59903 59 K  Slaps total: 2747 2 K
 METABaron said 🔗
Stop using object oriented programming languages that have tr@nsformed the world and technology tremendously in the years they were developed and their flexibility is the main reason they are still used as the basis for other languages today (Java, C#, etc…)

Said by the same people (White House) who mandated experimental cancer jabs, saying men can get pregnant, 3 year olds can consent to gender surgery and lets in criminal migrants by the millions.

Sure lol
I have to respectfully disagree and suggest that the problem is not Object Oriented languages.

If you have a language like C or C++ that doesn't account for Out-of-Bounds-Reads and stuff like that, it is almost impossible to develop around it. The language has to inherently be able to prevent you from assessing previous or post memory contents in a list. Today with everything being multi=threaded, it is impossible to make test cases that would catch every potential erroneous element.

I mean procedural code might be good for embedded scripts and all but I haven't seen any large development shops not using object oriented whether it be Java/JavaScript, Ruby, Python etc.
+6   

 2 months ago '05        #13
Quddus 
Props total: 18730 18 K  Slaps total: 3660 3 K
 Sin said 🔗
↪🔗
So AI is going to replace programmers?
+5   

 2 months ago '17        #14
Abz 
Props total: 884 884  Slaps total: 195 195
 Sin said 🔗
↪🔗
Mastering "domain" is the aim.

Thank me later
+2   

 2 months ago '11        #15
awww  topics gone triple plat - Number 1 spot x9
Props total: 91184 91 K  Slaps total: 60480 60 K
emoji
almost every coder copy and pastes lol all that sh1t is and it’s their fault to begin with they should have stayed up to date now you bout to pay for it. The cyber infrastructure is dated, roads and dated every thing in the United States is dated and they argue too much to fix any of these issues
+7   

 2 months ago '16        #16
301216baller 
Props total: 49369 49 K  Slaps total: 5676 5 K
P4l

 2 months ago '11        #17
Sin  topics gone triple plat - Number 1 spot x69
Props total: 226324 226 K  Slaps total: 29603 29 K
 Quddus said 🔗
So AI is going to replace programmers?
I trust what Jensen says more than the White House

he definitely knows more about the future of tech than anyone
+6   

 2 months ago '12        #18
The2ndHorseman 
Props total: 34556 34 K  Slaps total: 2461 2 K
move away from C and C++?

never happening, embedded systems programming not to mention a bunch other sh1t
+2   

 2 months ago '21        #19
kevm3 
Props total: 3161 3 K  Slaps total: 418 418
What he's saying isn't wrong. There's Rust for lower level programming and Java, C#, Javascript, Python, etc. for higher level programming tasks. C/C++ were used primarily for speed, but with Rust, it makes sense to reduce new code in those languages unless absolutely necessary.
+2   

 2 months ago '07        #20
Eddie..|M 
Props total: 8045 8 K  Slaps total: 1975 1 K
 dubsax said 🔗
I like Python its cool like a swiss army knife but its hackable too
the reason why its so popular is because its the backbone of many exploits.

you can write or find a python script to do damn near anything

not a programmer in the least but I do have many dev boards to make sh1t with from an orange p1 zero 3 to an airboard and all I do is cut and paste from libraries and git repositories
that sh1t doesnt go as well when dealing with C and Java
i use python to write everything and have no idea about anything the article is talking about. i just wanted to say i use python to sound cool
+6   

 2 months ago '15        #21
METABaron 
Props total: 10668 10 K  Slaps total: 2656 2 K
 eazyvaboy said 🔗
I have to respectfully disagree and suggest that the problem is not Object Oriented languages.

If you have a language like C or C++ that doesn't account for Out-of-Bounds-Reads and stuff like that, it is almost impossible to develop around it. The language has to inherently be able to prevent you from assessing previous or post memory contents in a list. Today with everything being multi=threaded, it is impossible to make test cases that would catch every potential erroneous element.

I mean procedural code might be good for embedded scripts and all but I haven't seen any large development shops not using object oriented whether it be Java/JavaScript, Ruby, Python etc.
Good points, but I’m still gonna use All flavors of C until I don’t tho.
+3   

 2 months ago '18        #22
Thefootclan 
Props total: 787 787  Slaps total: 101 101
 Binds said 🔗
invest in cyber security if u wanna make some money in the future still an undervalued sector
It's undervalued because of all the gatekeeping. They say xyz number of jobs are open but require insane amount of experience and certifications. It's very strange, but I hear there are loopholes to break into the field.
+8   

 2 months ago '11        #23
Sin  topics gone triple plat - Number 1 spot x69
Props total: 226324 226 K  Slaps total: 29603 29 K
 The2ndHorseman said 🔗
move away from C and C++?

never happening, embedded systems programming not to mention a bunch other sh1t
It’s time to upgrade those systems and AI can code it better

We’re in the middle of refreshing all of the core networking devices at my job

Even refreshing a core switch we refreshed in 2023 because they told us it’s now obsolete


Last edited by Sin; 02-29-2024 at 08:32 AM..
+1   

 2 months ago '16        #24
NatBurner 
Props total: 47643 47 K  Slaps total: 3753 3 K
 Binds said 🔗
invest in cyber security if u wanna make some money in the future still an undervalued sector
As someone who is currently going to school for Computer Information systems would Cyber Security still be under my umbrella?

 2 months ago '19        #25
Unfadeable07 
Props total: 4717 4 K  Slaps total: 947 947
 Abz said 🔗
Mastering "domain" is the aim.

Thank me later
What do you mean by mastering domain?
+3   

say something...

Sign me up
 
 

yesterday...


most viewed right now
props+17218
audio inside Nas - Define My Name (Produced By DJ Premier) 2024
238 comments
23 hours ago
@hiphop
most viewed right now
props+4618
Video inside The handyman to Nicole Brown, Glen Rodgers, was a serial k*ller
141 comments
1 day ago
@wild'ish
most viewed right now
12
Video inside Who’s auntie is this ??
73 comments
1 day ago
@wild'ish
most viewed right now
props+1710
Apr 18 - Israel has attacked Iran
289 comments
1 day ago
@news
back to top