[SC-L] Why Shouldn't I use C++?
Ben Corneau
bencorneau at adelphia.net
Tue Oct 31 21:08:11 EST 2006
From time to time on this list, the recommendation is made to never use C++
when given a choice (most recently by Crispin Cowan in the "re-writing
college books" thread). This is a recommendation I do not understand. Now,
I'm not an expert C++ programmer or Java or C# programmer and as you may
have guessed based on the question, I'm not an expert on secure coding
either. I'm also not disagreeing with the recommendation; I would just like
a better understanding.
I understand that C++ allows unsafe operations, like buffer overflows.
However, if you are a halfway decent C++ programmer, buffer overflows can
easily be avoided, true? If you use the STL containers and follow basic good
programming practices of C++ instead of using C-Arrays and pointer
arithmetic then the unsafe C features are no longer an issue?
C and C++ are very different. Using C++ like C is arguably unsafe, but when
it's used as it was intended can't C++ too be considered for secure
programming?
Ben Corneau