this post was submitted on 03 Jul 2024
42 points (80.0% liked)

Programmer Humor


A shitpost about languages that generate CVEs

[–] rushaction@programming.dev 2 points 1 week ago (2 children)

... the only language where 90% of the world's memory safety vulnerabilities have occurred in the last 50 years

Yeah... That's a shit post alright.

I'm not a C developer myself, but that's just a low blow. Also, uncited ;).

[–] verstra@programming.dev 9 points 1 week ago* (last edited 6 days ago) (1 children)

This is an overstatement, definitely. C is one of the few (mainstream) languages where memory safety vulnerabilities are even possible. So if you batch C and C++ together, they probably cover more than 90% of all the memory unsafe code written in the last 50 years, which is a strong implication that they will contribute to 90% of memory vulnerabilities.

All that said, memory vulnerabilities are about 65% of all high impact vulnerabilities on the Chromium project^1 and about 70% of vulnerabilities at Microsoft^2.

[–] calcopiritus@lemmy.world 2 points 1 week ago

So we'd only fix 70% of vulnerabilities by switching to rust? Not enough! Better keep writing C/C++!

[–] 5C5C5C@programming.dev 6 points 1 week ago

Yeah the only way it would be that high is if it lumps C and C++ together. But at that point it may be an underestimate.