
C++ up to and including the '98 spec was terrible from a security perspective, not an iota better than plain C.



On the contrary,

- proper string and vector types (most compilers allow enabling bounds checking anyway)

- stronger rules for type conversions

- reference types for parameters

- better tooling for immutable data structures

- memory allocation primitives instead of getting sizeof wrong to malloc()

- collection library instead of reinventing the wheel in each project

- RAII

- smart pointers

- templates instead of error prone macros

- namespacing (useful in large scale projects with prefix tricks)
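An added example, not part of any comment in this thread, showing three items from the list above in code that avoids post-C++98 features: the `sizeof` slip that `malloc()` accepts silently, a bounds-checked `vector::at()` read, and RAII cleanup during the resulting exception. `Record`, `Handle` and the function names are hypothetical.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

struct Record { char name[32]; int id; };  // constructed sample type

// Bytes requested by the C slip malloc(n * sizeof(p)): sizeof(p) is the
// pointer size, not the element size, yet it compiles without complaint.
std::size_t bytes_with_sizeof_slip(std::size_t n) {
    Record *p = 0;
    return n * sizeof(p);
}

// Bytes owned by a vector of n elements: the size comes from the type.
std::size_t bytes_with_vector(std::size_t n) {
    std::vector<Record> v(n);
    return v.size() * sizeof(v[0]);
}

static int g_released = 0;

// RAII holder: the destructor runs on every exit path, including unwinding.
class Handle {
public:
    Handle() {}
    ~Handle() { ++g_released; }
private:
    Handle(const Handle&);             // non-copyable, C++98 style
    Handle& operator=(const Handle&);
};

int released_count() { return g_released; }

// Returns true when an out-of-range index is rejected. v.at() throws
// std::out_of_range instead of reading past the end of the buffer.
bool checked_read_rejects(std::size_t n, std::size_t idx) {
    try {
        Handle h;
        std::vector<int> v(n, 7);
        (void)v.at(idx);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    return (checked_read_rejects(4, 4) && released_count() == 1) ? 0 : 1;
}
```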


I'm more interested in the actual statistics for security vulnerabilities found in C vs. C++ programmes, rather than theoretical benefits one language might have over the other.


Any C++ vulnerability caused by copy-paste compatibility with C is by definition a C vulnerability.


All of which were heavy enough at the time to slow programs down enough that people chose to not use them in favor of faster, more portable C.


That is why Turbo Vision was written in C++ for MS-DOS, Mac OS transitioned from Object Pascal into C++ and Quake made use of Watcom C++.


id's engine was famously C, not C++, all the way through Quake 3.



