Bjarne Stroustrup Criticizes Biden Administration for Overlooking Modern C++ Strengths and Safety Efforts
Bjarne Stroustrup, the creator of C++, has recently responded to a Biden administration report urging developers to use memory-safe programming languages. The report, which highlights concerns about memory safety vulnerabilities in languages like C++ and C, has spurred Stroustrup to defend the merits of contemporary C++. In a statement issued on March 15, Stroustrup expressed surprise at what he perceives as a lack of recognition for the advancements in C++ and the ongoing efforts to enhance its safety features.
Stroustrup criticized the report’s authors for appearing unaware of the significant improvements in modern C++. “I find it surprising that the writers of those government documents seem oblivious of the strengths of contemporary C++ and the efforts to provide strong safety guarantees,” Stroustrup remarked. He acknowledged that while C++ is indeed complex, the language has evolved considerably since its inception in 1979. Those advancements include modern techniques aimed at improving safety, such as RAII (Resource Acquisition Is Initialization) and smart pointers.
The White House report, released on February 26, recommended reducing cybersecurity risks by favoring languages with stronger memory safety guarantees. C++ and C were specifically mentioned as examples of languages prone to memory safety issues. The report also cited languages like C#, Go, Java, Python, and Rust as more secure alternatives. This focus on memory safety has been echoed in various cybersecurity circles, including a November 2022 information sheet from the US National Security Agency (NSA).
In his response, Stroustrup emphasized that safety has been a core focus of C++ development from the beginning. He pointed out that contemporary C++ incorporates many features and techniques designed to mitigate safety risks. “Improving safety has been an aim of C++ from day one and throughout its evolution,” he said. Stroustrup highlighted the progress made from the early days of C++ to the present, noting that modern C++ practices significantly reduce the risks associated with manual memory management.
Stroustrup also addressed the complexity of achieving safety across the vast amount of existing C++ code. He acknowledged that while the language’s guidelines have evolved, not all code adheres to modern safety standards. “There are two problems related to safety. Of the billions of lines of C++, few completely follow modern guidelines,” he noted. He explained that the C++ standard committee is actively working on frameworks to improve safety, such as the Profiles framework, which specifies code safety guarantees and facilitates verification. However, he recognized that progress can be slow, prompting some to seek faster solutions.
In conclusion, Stroustrup’s defense of C++ underscores a broader debate about programming language safety and evolution. While the Biden administration’s report highlights valid concerns about memory safety, Stroustrup’s comments remind us that C++ has made significant strides in addressing these issues. The ongoing efforts to enhance C++ safety demonstrate a commitment to maintaining its relevance and effectiveness in modern software development.