Latest Friday , BANKS, AIRPORTS, TV stations, healthcare organizations, hotels, and numerous other businesses are experiencing widespread IT outages, leading to grounded flights and extensive disruption, as Windows machines have encountered errors globally. And we wrote a post explaining that soon they would blame C++ for that, and that is exactly what is happening, as we can see here.
The main reason we encounter annoying issues in C++ is its widespread use in critical systems due to its power. In these critical systems, even a single bug can lead to a disaster.
Suppose all critical systems were developed in Java or C#. Would we have safe systems? The answer, as Herb Sutter explained in this detailled post is no.
But there have been misconceptions, too, including focusing too narrowly on programming language safety as our industry’s primary security and safety problem — it isn’t. Many of the most damaging recent security breaches happened to code written in MSLs (e.g., Log4j) or had nothing to do with programming languages (e.g., Kubernetes Secrets stored on public GitHub repos).
And as Herb Sutter pinpointed, most of 2023’s top 10 most dangerous bugs are not related to memory safety.
Most of 2023’s top 10 “most dangerous software weaknesses” were not related to memory safety. Many of 2023’s largest data breaches and other cyberattacks and cybercrime had nothing to do with programming languages at all.
Blaming C++ for the prevalence of software bugs is a simplistic view that overlooks the broader context of software development. While C++ offers a high degree of control and performance, it requires careful and skilled usage to avoid pitfalls. The same can be said for any programming language, each with its own set of challenges and potential issues.
Ultimately, the responsibility for software quality lies with developers, testers, and the development process itself. Emphasizing proper education, rigorous testing, and adherence to best practices can mitigate many of the risks associated with any programming language, including C++. Rather than vilifying a tool, we should focus on improving how we use it to create reliable, secure, and efficient software.
