Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.

  • AggressivelyPassive@feddit.de
    link
    fedilink
    arrow-up
    17
    arrow-down
    1
    ·
    9 months ago

    When was the last time you’ve heard of a memory safety issue in Java code? Not the runtime or some native library, raw dogged Java.

    Memory safety isn’t a silver bullet, but it practically erases an entire category of bugs.

    • mlg@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      9 months ago

      Fair point, even log4j was running java code, not literally hijacking the stack or heap.

      That being said, I’m poking fun because C and C++ have low level capabilities of which only Rust offers a complete alternative of. Most of everything else is safe because it comes packaged with a garbage collector which affects performance and viability. I think Go technically counts if you set the GC allocation to 0 and use pointers for everything, but might as well use Rust or C at that point.

      I guess I’m just complaining out of all the issues ONCD could point out, they went after the very broad “memeory-safe is always better” when most of the people using C and C++ need the performance. They only offered Rust as a potential alternative in the report with nothing else which everyone already knows. Would be nice to see them make a real statement like telling megacorps to stop using unencrypted SCADA on the internet.