Microsoft security chief engineer suggests scrapping of C and C++

Posted on Friday, July 19 2019 @ 10:22 CEST by Thomas De Maesschalck
MSFT logo
Gavin Thomas, principal security engineering manager at Microsoft Security Response Center (MSRC), suggests it may be time to move away from legacy languages like C and C++. While these programming languages are still widely used, even by Microsoft, Thomas points out that from a security point of view, it would be wise to switch to something more modern with memory security guarantees.

Thomas observed the majority of vulnerabilities fixed and with a CVE assigned are caused by memory corruption bugs, which is something that can be prevented via programming languages that are safer to use.

The Register notes that while Microsoft had bad experiences with rewriting the Windows shell in C# and Windows Presentation Foundation (Project Longhorn for Windows Vista), the solution may be Mozilla's Rust:
"If only the developers could have all the memory security guarantees of languages like .NET C# combined with all the efficiencies of C++. Maybe we can," wrote Thomas.

The language he has in mind is Mozilla's Rust, designed for system programming with an emphasis on speed, memory and thread safety, and other security features.
The post also suggests Microsoft Security Response Center will do more efforts to lecture internal developer teams to move away from unsafe legacy languages and try out modern alternatives.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


Loading Comments

Share this story!

Latest news

Latest reviews