Re: The Case for Rust (in any system)

From: Jan Knepper <jan_at_digitaldaemon.com>
Date: Tue, 10 Sep 2024 00:36:46 UTC

On 9/9/24 15:18, fvalasiad wrote:
> I am beyond curious to see any reasonable study on C++ projects that employ RAII, use the STL and generally speaking follow modern guidelines, that still suffer from memory related CVEs.
>
It is what many, including myself, have done for the last ~3.5 decades...

Rarely suffer any memory related CVEs. This is also due to the use of 
shared_ptr <>, unique_ptr <>, etc, the use of analyzers, such as 
Coverity, SonarQube, etc, etc, etc. When we deal with them, mostly 
during development testing, it is often because somebody is maintaining 
legacy code that has not been developed by them, and the person who 
originally developed the code is no longer available.

Of course we deal with some C++ code that originally was written 30+ 
years ago, which has undergone several revisions to meet newer C++ 
standards.

New code is developed following the C++20 (2020) standards.

However, it certainly takes effort to have all the noses of the team 
members pointing to the same standard... Code Review enforces it 
and forces those who lag to redesign their code to modern standards.