>From time to time on this list, the recommendation is made to never user C++
when given a choice (most recently by Crispin Cowan in the "re-writing
college books" thread). This is a recommendation I do not understand. Now,
I'm not an expert C++ programmer or Java or C# programmer and as you may
have guessed based on the question, I'm not an expert on secure coding
either. I'm also not disagreeing with the recommendation; I would just like
a better understanding.

I understand that C++ allows unsafe operations, like buffer overflows.
However, if you are a halfway decent C++ programmer buffer overflows can
easily be avoided, true? If you use the STL containers and follow basic good
programming practices of C++ instead of using C-Arrays and pointer
arithmetic then the unsafe C features are no longer an issue?

C and C++ are very different. Using C++ like C is arguable unsafe, but when
it's used as it was intended can't C++ too be considered for secure
programming?

Ben Corneau


_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to