From time to time on this list, the recommendation is made to never use C++ when given a choice (most recently by Crispin Cowan in the "re-writing college books" thread). This is a recommendation I do not understand. Now, I'm not an expert C++ programmer or Java or C# programmer and, as you may have guessed based on the question, I'm not an expert on secure coding either. I'm also not disagreeing with the recommendation; I would just like a better understanding.
I understand that C++ allows unsafe operations, like buffer overflows. However, if you are a halfway decent C++ programmer, buffer overflows can easily be avoided, true? If you use the STL containers and follow basic good programming practices of C++ instead of using C-Arrays and pointer arithmetic, then the unsafe C features are no longer an issue? C and C++ are very different. Using C++ like C is arguably unsafe, but when it's used as it was intended, can't C++ too be considered for secure programming?

Ben Corneau

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php