Why Bjarne Stroustrup Defends C++ Against the US Government’s Memory‑Safety Push
Amid a US government report urging developers to abandon C and C++ for memory‑safe languages, C++ creator Bjarne Stroustrup argues that modern C++ already incorporates strong safety guarantees, cites ongoing standards work, and warns that abandoning the language overlooks its evolving security features.
Background
Following a U.S. government security advisory that recommends replacing languages such as C and C++ with memory‑safe alternatives, Bjarne Stroustrup, the creator of C++, defended the language, emphasizing its modern safety features and ongoing efforts to provide strong security guarantees.
Stroustrup’s Response
In an interview with technical media on March 15, Stroustrup highlighted the advantages of the language designed in 1979, noting that security has always been a core goal of C++ development.
He stated, “In some respects, they seem to have realized that a programming language is only part of the toolchain, so improved tools and development processes are essential.”
Stroustrup also stressed that improving security remains a continuous objective for C++.
Evolution of Safety in C++
He explained that from the earliest days of C and early C++ to today, the language has consistently aimed to increase safety. At CppCon 2023, he described this evolution, saying that high‑quality C++ is written using techniques such as RAII (Resource Acquisition Is Initialization), containers, and smart pointers rather than traditional C‑style pointer misuse.
Government Reports on Memory Safety
The White House released a report on February 26 urging developers to reduce cyber‑attack risk by using languages without memory‑safety vulnerabilities. Although the report did not name specific languages, C and C++ were widely interpreted as the primary examples.
The U.S. National Security Agency (NSA) in November 2022 listed C#, Go, Java, Python, and Rust as memory‑safe languages.
NSA Commentary and Example
NSA technical director Neal Ziring warned that memory‑management problems have been exploited for decades and remain common today. He illustrated the issue with the following C code that leaks memory:
    #include <stdlib.h>

    int main() {
        int *memory;
        // Allocate 200 ints.
        memory = malloc(200 * sizeof(int));
        // Allocate 100 more ints.
        // ERROR: This will compile, but will leave the previously
        // allocated memory hanging, with no way to access it.
        memory = malloc(100 * sizeof(int));
        // Free second block of 100 ints.
        // The first block is not freed.
        free(memory);
        return 0;
    }

The second malloc call overwrites the only pointer to the first block, so the first allocation is never freed. Repeated allocations without releases can enable denial‑of‑service attacks by exhausting system memory.
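For comparison with the RAII, container, and smart-pointer style Stroustrup describes, here is the same two-allocation sequence written with owning types. This is an added example, not code from the NSA, Stroustrup, or the original article; the names live_blocks, CountingDeleter, IntBuffer, and make_buffer are hypothetical and exist only so the release of the first block can be observed.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <stdexcept>
#include <vector>

// Constructed instrumentation (assumption): number of buffers currently allocated.
static int live_blocks = 0;

// Deleter that frees the array and records the release.
struct CountingDeleter {
    void operator()(int* p) const noexcept {
        delete[] p;
        --live_blocks;
    }
};
using IntBuffer = std::unique_ptr<int[], CountingDeleter>;

IntBuffer make_buffer(std::size_t n) {
    IntBuffer b(new int[n]());  // zero-initialised, owned from the first moment
    ++live_blocks;
    return b;
}

// Mirrors the C example: 200 ints, then 100 ints assigned to the same variable.
// Returns how many blocks are live while the second one is still held.
int reassign_live_count() {
    IntBuffer memory = make_buffer(200);
    memory = make_buffer(100);  // move-assignment deletes the 200-int block
    return live_blocks;         // only the 100-int block remains
}                               // destructor releases it on every exit path

// std::vector gives the same ownership plus checked indexing:
// at() throws std::out_of_range instead of touching memory past the end.
bool out_of_bounds_is_caught() {
    std::vector<int> memory(200);
    memory = std::vector<int>(100);  // old storage is released by the container
    try {
        memory.at(100) = 1;          // one past the last valid index (0..99)
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

int main() {
    std::printf("live during: %d\n", reassign_live_count());
    std::printf("live after: %d\n", live_blocks);
    std::printf("bounds error caught: %d\n", out_of_bounds_is_caught());
    return 0;
}
```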
Ongoing Efforts in C++ Security
Stroustrup outlined several initiatives aimed at enhancing C++ security, including the development of configuration profiles that specify required guarantees and enable static analysis and minimal runtime checks. He noted that the C++ standards committee is working on improving type and resource safety, with a focus on gradually eliminating common errors such as out‑of‑bounds accesses.
While the NSA recommends memory‑safe languages, Stroustrup argues that modern C++ already provides substantial safety mechanisms and that continued standards work will further close any gaps.
21CTO
