NSA Deems C++ 'Memory Unsafe' - What's Next?

That sounds interesting. Are there still Ada programmers? :)

Looking at Ada, it has all the perfect constraints for types. Would love to try it

@@tdws Yes, and there is demand for them.

Thank you for the update! We can't imagine it's an easy problem to solve, given the long history and tradition of C++, and the amount of existing code. Hopefully they will have news soon.

This is an interesting view, but that's not what memory safety means in this context. Memory safety is roughly about how many checks a programming language does on memory-related operations. A traditional issue with C++ was pointer arithmetic, which, when misused or exploited, can allow a program to arbitrary access memory. See the wikipedia article for more context on the topic: www.wikiwand.com/en/Memory_safety.
As for the safety of Linux servers, it seems to be due to efforts of engineers: specific design choices, reviews, and many hours on finding and plugging security issues. There are too many differences between OS development and application development to conflate the two, and we were mostly talking about applications.
Interesting point though that GG and MS might want to push for a switch from Linux servers, presumably to their own cloud offerings. It's hard to imagine this happening, but we'll have to wait and see.

@@tdws Thank you, I appreciate that you got some of my pointers. As for the proglang, a strict guidelines should be implemented and must be followed to minimize if not totally eliminate the problems concerning the usage of memory and other resources and no proglang is excepted on this matter. It's like continues support and product patching until the product cycle ends much like what Linux engineers have been doing eversince.

Yes that is true. I mean why not just design the machine instructions in such a way that it is impossible to write any software on that machine that would crash or have security vulnerabilities? Why is it solely the responsibility of the software?
And the answer is, such a machine would no longer be a computer. No longer a general purpose machine. It would be completely safe, but also highly restricted in what it can do.
Low-level languages cannot guarantee safety without losing the expressibillity and flexibility of the language. Safety has to be guaranteed by the way the language is used and the environment in which it is used not the language itself.

Based on what I understand about this huge topic, there seems to be a trade-off between security in programming languages, performance, and functionality. More checks require CPU cycles, and more restrictions disallow specific use cases for system languages. For example, could you write a device driver or a boot loader with all the checks in place? I assume it would be difficult, if not impossible in certain situations. However, the "secure by default" principle should be followed in general purpose programming languages, with the ability to turn off some of the checks. A simple example is immutability: it is a great way to write most programs, and it helps remove a lot of potential bugs, which is why it should be the default in programming languages. But we need to be able to turn it off occasionally, for specific parts of the code, to allow for performance improvements or even implementing features that aren't possible otherwise. Another option would be to separate languages by goals, or maybe have different profiles for system development, application development, server dev etc. What do you think?