What is the new safe C proposal and what do programmers need to know

In 2020, Google identified that more than 70% of its Chrome browser's severe security bugs were in fact caused by memory safety issues.

“That is,” the Chrome team said, “mistakes with pointers in the C or C++ languages which cause memory to be misinterpreted.”

In 2022, the NSA weighed in on memory safety, with Neal Ziring, its cybersecurity technical director, saying that “Memory management issues have been exploited for decades and are still entirely too common today. We have to consistently use memory safe languages and other protections when developing software to eliminate these weaknesses from malicious cyber actors.”

That wasn't the end of the matter, however. Memory safe programming languages have continued to be under an intense spotlight. In February of this year, the US White House Office of the National Cyber Director (ONCD) issued a report advising that all programmers should move to memory-safe programming languages.

The report pointed out that the burden of cybersecurity threat protection is currently placed on end users, and that “efforts must be made to proactively eliminate entire categories of software vulnerabilities.”

The report elaborated further, saying that “Experts have identified a few programming languages that both lack traits associated with memory safety and also have high proliferation across critical systems, such as C and C++.”

Memory safety matters now more than ever, because so much more of what we do happens online. The pandemic accelerated the rapid adoption of ecommerce, online payments, and digital advertising, according to the World Economic Forum.

As a result, there are a lot more potential vulnerabilities to exploit. Stack Overflow points out that some of the biggest vulnerability events of the past were memory-safety issues.

These include 2014's Heartbleed, which affected OpenSSL software, allowing bad actors to steal X.509 certificates, usernames and passwords, instant messages, and emails. In 2017, the WannaCry ransomware attack garnered massive attention as it spread globally, infecting more than 230,000 computers.

Making C++ safe

Memory safe languages do exist and include Rust, Go, Java, Swift, and Python. C++ is under particular scrutiny because of the amount of critical code that has been written in it.

Given the context, it isn't so surprising that the C++ community has reacted, announcing the Safe C++ Extensions proposal in September of this year. The work is being done via the C++ Alliance, and its president and executive director Vinnie Falco said that this was “a revolutionary proposal that adds memory safety features to the C++ programming language.”

Falco added that: “the need for safe code has never been more pressing. With the increasing importance of software security and reliability, developers are facing mounting pressure to adopt safer coding practices. The Safe C++ Extensions aim to address this critical need by introducing novel features that prevent common memory-related errors.”

So will this fix the issue? Some critics are skeptical, and Sean Baxter, a developer with the C++ Alliance, points out that:

“There's only one popular systems level/non-garbage collected language that provides rigorous memory safety. That's the Rust language. Although they play in the same space, C++ and Rust have different designs with limited interop capability, making incremental migration from C++ to Rust a painstaking process.”

A number of actions are suggested to ensure performant C++ code, including prohibiting developers from writing operations that might result in lifetime-safety, type-safety, or thread-safety undefined behaviour.
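To make concrete the kind of undefined behaviour these rules target, here is an added C++ example (not code from the article or from the Safe C++ proposal) in the shape of the Heartbleed bug mentioned earlier: a length-prefixed record is parsed, and the length claimed on the wire is checked against the bytes actually received before it drives any copy. The record layout, the `Heartbeat` type and the helper names are constructed for illustration and are not the real TLS heartbeat encoding.

```cpp
// Added example: simplified length-prefixed record parser in the shape of the
// Heartbleed bug. Record layout is constructed for illustration only:
//   [type:1][payload_length:2 big-endian][payload:N][padding:>=16]
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

struct Heartbeat {
    uint8_t type;
    std::vector<uint8_t> payload;
};

// Vulnerable shape (Heartbleed, 2014): read payload_length from the record and
// copy that many bytes without checking that the record actually holds them.
// In C/C++ that is an out-of-bounds read walking past the end of the buffer,
// i.e. memory being misinterpreted. It is deliberately not implemented here,
// because executing it is undefined behaviour.

// Hardened parser: every length that comes from the wire is validated against
// the bytes that were really received before it is used for a memory access.
std::optional<Heartbeat> parse_heartbeat(const uint8_t* rec, size_t rec_len) {
    constexpr size_t kHeader = 3;
    constexpr size_t kMinPadding = 16;
    if (rec == nullptr || rec_len < kHeader + kMinPadding) return std::nullopt;
    const size_t declared = (static_cast<size_t>(rec[1]) << 8) | rec[2];
    // The check that was missing: the declared length must fit in the record.
    if (declared > rec_len - kHeader - kMinPadding) return std::nullopt;
    Heartbeat hb;
    hb.type = rec[0];
    hb.payload.assign(rec + kHeader, rec + kHeader + declared);
    return hb;
}

// Build a record with an arbitrary declared length (constructed test input).
std::vector<uint8_t> make_record(uint16_t declared, const std::vector<uint8_t>& payload,
                                 size_t padding) {
    std::vector<uint8_t> rec{0x01, static_cast<uint8_t>(declared >> 8),
                             static_cast<uint8_t>(declared & 0xFF)};
    rec.insert(rec.end(), payload.begin(), payload.end());
    rec.insert(rec.end(), padding, static_cast<uint8_t>(0));
    return rec;
}

// A well-formed record parses; a record claiming far more payload than it
// carries is rejected instead of being read past its end.
bool accepts_well_formed() {
    auto rec = make_record(5, {'h', 'e', 'l', 'l', 'o'}, 16);
    auto hb = parse_heartbeat(rec.data(), rec.size());
    return hb && hb->payload.size() == 5 && hb->payload[0] == 'h';
}
bool rejects_overlong_claim() {
    auto rec = make_record(0xFFFF, {'h', 'e', 'l', 'l', 'o'}, 16);
    return !parse_heartbeat(rec.data(), rec.size()).has_value();
}
```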

Additionally, there are other challenges. As Baxter notes above, the limited interop between C++ and Rust makes incremental migration from one to the other a painstaking process.

Moving code to memory safe status will be painstaking and time-consuming, but the Defense Advanced Research Projects Agency (DARPA) is seeking to bridge this gap using AI. It is developing a programmatic code conversion vehicle called TRACTOR (Translating All C TO Rust).

It says that, “the goal is to achieve the same quality and style that a skilled Rust developer would produce, thereby eliminating the entire class of memory safety security vulnerabilities present in C programs.”
