02 Apr C & C ++ Programing Languages Still Allowed?
In the article, The US Government Wants Developers to Stop Using C and C++, the author, Steven J. Vaughan-Nichols asserts that the main resistance to this potential mandate is economic. That the cost of acquiring and adopting a different tool chain for use in creating new applications in alternative memory-safe languages or converting existing C and C++ application code bases is more costly or cost prohibitive. This may be partially true at some level, however, in the professional development realm, throughout the teams of everyday practitioners, the nature of the resistance is even more basic– like telling a chef he can no longer use his favorite knife due to the potential for injury.
The C / C++ languages are powerful and efficient. Here at Realtime, we have seen a lot of poorly constructed code that has made it all the way to the user (somehow), which is a true concern. Therefore, we rely on robust programming practices, modern code analysis tools, and multiple levels of verification testing to ensure the software functions as expected and required in the deployed environment.
As a set of prevention techniques, Realtime has developed robust programming practices to avoid the described pitfalls (memory leaks, etc.). As a set of mitigation techniques, Realtime employs use of modern development toolchains, compilers, static analysis tools, and code inspections to detect the issues and correct the code before it can be deployed in a critical production device or in a safety-related application. Additionally, software and system verification testing activities include run-time checks to ensure software and system self-consistency over an extended operational envelope.
Based on that explanation, it may seem like using C / C++ is more effort, when it really is not. These robust programming practices will need to be applied to software constructed with any language used in a critical application, as each language has its own quirks and pitfalls that must be avoided. Similarly, software must always be inspected/tested/challenged at multiple levels and from multiple perspectives to ensure the various types of possible defects are detected and corrected.
Elimination of selected tried and true, very powerful languages due to improper use at the practitioner level seems short-sighted and will not resolve the underlying root cause of poorly constructed software reaching users in the field or being deployed in a mission-critical application. Realtime’s management has mandated and our professional development and test staff have crafted strict source code construction, evaluation, inspection, and testing procedures that apply to all software we develop, regardless of language used. We document and collect objective evidence that shows compliance with these standards and requirements, and ensures that the identified cybersecurity threats are properly mitigated.
Additionally, Realtime employs an expert staff that develops in other memory-safe languages (i.e. – C#, Java, and others) if you desire to avoid C / C++.
Garyld Miles, Realtime VP of Operations and Engineering.
The Realtime Group is your C / C++ certified development partner. We have a shared passion for time-to-market and product compliance. Visit us at www.TheRealtimeGroup.com or call us at 972-985-9100 to see how we can help you with your product development and testing!