The US government wants devs to stop using C and C++ • The Register
https://www.theregister.com/2024/11/08/the_us_government_wants_developers/ ... the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigations (FBI announced they were doubling down on their efforts to persuade software manufacturers to abandon "memory-unsafe" programming languages such as C and C++ ... The report on Product Security Bad Practices <https://www.cisa.gov/resources-tools/resources/product-security-bad-practice...> warns software manufacturers about developing "new product lines for use in service of critical infrastructure or [national critical functions] NCFs in a memory-unsafe language (eg, C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety." In short, don't use C or C++. ... -- EN https://www.hoepli.it/libro/la-rivoluzione-informatica/9788896069516.html ====================================================== Prof. Enrico Nardelli Past President di "Informatics Europe" Direttore del Laboratorio Nazionale "Informatica e Scuola" del CINI Dipartimento di Matematica - Università di Roma "Tor Vergata" Via della Ricerca Scientifica snc - 00133 Roma home page: https://www.mat.uniroma2.it/~nardelli blog: https://link-and-think.blogspot.it/ tel: +39 06 7259.4204 fax: +39 06 7259.4699 mobile: +39 335 590.2331 e-mail: nardelli@mat.uniroma2.it online meeting: https://blue.meet.garr.it/b/enr-y7f-t0q-ont ====================================================== --
On Sat, Nov 09, 2024 at 07:17:16PM +0100, Enrico Nardelli wrote:
https://www.theregister.com/2024/11/08/the_us_government_wants_developers/
... the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigations (FBI announced they were doubling down on their efforts to persuade software manufacturers to abandon "memory-unsafe" programming languages such as C and C++ ...
La ricerca in sicurezza (più nella sua accezione "safety", in inglese, che "security") è ormai inequivocabile sul fatto che niente riduce quantitativamente le potenziali vulnerabilità in programmi scritti a livello sistema ("systems programming") quanto l'uso di linguaggi che, intrinsecamente, impediscono l'uso insicuro della memoria. Non posso quindi dare loro torto. Ma l'aspetto più interessante qui è che un governo abbia un'opinione in materia. Giusta o sbagliata che sia, il governo italiano ha un'opinione su come rendere più sicuro il software strategicamente importante per il paese nei prossimi 10-20 anni? (Mi scuso per la domanda retorica.) Ciao -- Stefano Zacchiroli . zack@upsilon.cc . https://upsilon.cc/zack _. ^ ._ Full professor of Computer Science o o o \/|V|\/ Télécom Paris, Polytechnic Institute of Paris o o o </> <\> Co-founder & CSO Software Heritage o o o o /\|^|/\ Mastodon: https://mastodon.xyz/@zacchiro '" V "'
participants (2)
-
Enrico Nardelli -
Stefano Zacchiroli