Secure Coding mailing list archives

Why Shouldn't I use C++?


From: bencorneau at adelphia.net (Ben Corneau)
Date: Tue, 31 Oct 2006 21:08:11 -0500

From time to time on this list, the recommendation is made to never use C++
when given a choice (most recently by Crispin Cowan in the "re-writing
college books" thread). This is a recommendation I do not understand. Now,
I'm not an expert C++ programmer or Java or C# programmer and as you may
have guessed based on the question, I'm not an expert on secure coding
either. I'm also not disagreeing with the recommendation; I would just like
a better understanding.

I understand that C++ allows unsafe operations, like buffer overflows.
However, if you are a halfway decent C++ programmer, buffer overflows can
easily be avoided, true? If you use the STL containers and follow basic good
programming practices of C++ instead of using C-Arrays and pointer
arithmetic then the unsafe C features are no longer an issue?

C and C++ are very different. Using C++ like C is arguably unsafe, but when
it's used as it was intended, can't C++ too be considered for secure
programming?

Ben Corneau



