Work on the Secure C++ extensions proposal, cast a yr in the past to deal with reminiscence security within the language, has ceased, in accordance with Harry Bott, the CEO of the C++ Alliance, which oversaw the proposal. The plan misplaced out to security profiles from C++ founder Bjarne Stroustrup.
“Sure, work on Secure C++ inside ISO has been discontinued,” Bott stated September 29 in response to an InfoWorld e mail inquiry. The C++ Security and Safety SG/EWG (Research Group/Evolution Working Group) committee prioritized security profiles from Stroustrup instread, Bott stated. The ballot was 19 for Profiles, 9 for Secure C++, 11 for each, and 6 impartial. “Profiles moved ahead as an incremental, backward‑appropriate path possible for C++26 timelines,” Bott stated. “Against this, Secure C++ didn’t attain committee consensus and was seen to suggest elementary redesign and excessive specification/implementation danger, with broad ecosystem‑migration issues. Profiles had been additionally seen because the quickest sensible response to regulatory stress for reminiscence security.” Thus C++ security work continues by way of Profiles and associated library and tooling efforts within the committee.
Secure C++ extensions had been meant to supply C++ builders memory-safe implementations of important knowledge constructions and algorithms, together with options that stop frequent memory-related errors. C++, together with the C language, had been the goal of criticism by the Biden White Home over reminiscence security issues. Nonetheless, Sean Baxter, a key advocate of the Secure C++ proposal, stated earlier this month that he stopped engaged on the plan late final yr. “The C++ committee acted shortly to precise that this wasn’t the popular means ahead,” Baxter stated in a September 15 e mail.
