Bjarne Stroustrup Defends C++ Safety Against NSA’s Call for Memory‑Safe Languages
Creator of C++ Bjarne Stroustrup counters the NSA’s recommendation to replace C/C++ with memory‑safe languages, arguing that modern C++ has evolved with robust safety features, static analysis, and guidelines that can ensure type and resource safety without abandoning the language.
In a recent discussion, the U.S. National Security Agency (NSA) recommended organizations switch from C/C++ to memory‑safe languages such as C#, Rust, Go, Java, Ruby, or Swift.
Bjarne Stroustrup, the creator of C++, responded that the NSA’s claim that “safe” languages are superior in critical applications is not accurate, noting the many advances C++ has made over the past three decades.
He argues that while “safe” languages focus on memory safety, they ignore other ways a language can be misused to compromise security.
Stroustrup emphasizes that the C++ Core Guidelines and modern static analysis tools provide strong type‑ and resource‑safety guarantees, often more easily than migrating to a new language.
He outlines a three‑point strategy for safe C++ development:
Use static analysis to verify that no unsafe code is executed.
Simplify coding rules so that industrial‑scale static analysis is feasible.
Provide libraries that make writing the simplified code easy while ensuring runtime checks when needed.
He also notes that C++ is still widely used in aerospace, medical devices, AI/ML, biomedical research, and high‑energy physics, with millions of developers and billions of lines of code.
For further reading, see the C++ Core Guidelines paper and Stroustrup’s interview with InfoWorld.
IT Services Circle
Delivering cutting-edge internet insights and practical learning resources. We're a passionate and principled IT media platform.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.