Once more unto the breach: C/C++ must die
July 20, 2016  

It’s hard to stay outraged in the face of the uncaring, unrelenting barrage of security disasters caused by C/C++. I’ve become numb to it, and only rarely bother to look closely at the evidence. But it does happen.

Such is the case with “About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004”, a banal list of atrocities like this:

Available for: OS X El Capitan v10.11 and later

Impact: A local user may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed through improved memory handling.

In total there are 36 items addressed in this Apple OS update. At least 31 of these (86%) are due to software flaws like memory corruption, type confusion, integer overflow, and out-of-bounds array accesses, which only afflict C/C++ programs. That is, the vast majority of security flaws we see in software today are due to the use of C/C++.

Wake up, sheeple: C/C++ must die.