Comment by Nokinside
1 day ago
Because we want to write correct code. We want to verify the absence of many types of errors where amateurish language war stuff like Rust vs C does not even scratch the surface.
I would propose that we change your original statement "Ideally neither C nor C++ should be used when security matters." into:
"Ideally people who don't care about secrurity should not write code when security matters."
Can we agree that this is better than talking about programming languages?
Except security matters everywhere in modern computing, and the world is full of amateurs that call themselves engineers, writing C without any of those tools, or legal consequences.
If it mattered they would not be using C without any of those tools or techniques. Therefore, it is empirically proven that it either does not matter or they are deploying code unfit for purpose and should not be writing such code.
And that is precisely what they said:
> Ideally people who don't care about secrurity [sic] should not write code when security matters.
The absence of legal consequences further supports the fact that it does not matter.
There are always legal consequences, take a butchers...
https://www.google.com/search?q=any+case+law+to+defeat+this+...
It does certainly matter, it needed to go beyond what is acceptable for governments and security agencies to finally start reacting, since Morris worm came to be.
Naturally the move fast and break things culture sees it otherwise.