Last year saw a proliferation of talks and articles about safety in C++. Lucian Radu Teodorescu gives an overview of these and presents a unified perspective on safety.
Governments triggered this entire discussion with their papers and plans to strengthen cyber defenses. The article states that some experts ask for our industry to be more regulated in this regard.
I am surprised that possible regulations are not even listed as a factor in the decision to stay with C++ or move to something else.
Sure, COBOL is still around after decades, but nobody ever tried to pressure banks into replacing that technology AFAICT.
What I find surprising is that there are a lot of steps between a free-for-all and state intervention through regulation that those experts seemed to have skipped altogether, such as voluntary auditing, state-sponsored industry initiatives to specify best practices, invest in the development of static analysis tools and memory profilers, or making vulnerable companies liable for the consequences of attacks.
But no, they jumped straight into state-imposed regulation. Because keeping people out is a solution?
There is no regulation at this time. There may not be regulation ever. Before there is any regulation we will see nudging into the “right” direction. Suggesting that companies define a memory safety roadmap could be considered as the very first nudge, or maybe not:-)
All I wanted to say is that ignoring the possibility of regulation in such a text seems a bit short-sighted to me.
Because industries don’t do shit until forced to. People have been writing code for decades and virtually nothing has been done on this topic, so government has to regulate.
Let’s ask Boeing about self-regulation, for instance.