this post was submitted on 03 Jul 2024
48 points (100.0% liked)

Programmer Humor

421 readers
7 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 

A shitpost about languages that generate CVEs

you are viewing a single comment's thread
view the rest of the comments
[–] rushaction@programming.dev 5 points 4 months ago (2 children)

... the only language where 90% of the world's memory safety vulnerabilities have occurred in the last 50 years

Yeah... That's a shit post alright.

I'm not a C developer myself, but that's just a low blow. Also, uncited ;).

[–] verstra@programming.dev 8 points 4 months ago* (last edited 4 months ago)

This is an overstatement, definitely. C is one of the few (mainstream) languages where memory safety vulnerabilities are even possible. So if you batch C and C++ together, they probably cover more than 90% of all the memory unsafe cove written in last 50 years, which is a strong implication that they will contribute to 90% of memory vulnerabilities.

All that said, memory vulnerabilities are about 65% of all high implact vulnerabilities on Chromium project^1 and about 70% of vulnerabilities at Microsoft ^2.

[–] 5C5C5C@programming.dev 6 points 4 months ago

Yeah the only way it would be that high is if it lumps C and C++ together. But at that point it may be an underestimate.