Hardening C++ with Bjarne Stroustrup

An interview in Software Engineering Daily with Bjarne on the recent announcements by the NSA and the forthcoming CRA from the EU against the use of C++ based on security concerns.

Hardening C++ with Bjarne
Bjarne Stroustrup

From the interview:

Bjarne wishes for more support rather than calls to drop the use and teaching of C++ altogether. Especially in light of how much progress the C++ 17, 20 and 23 mean to the language but also how using the core guidelines and modern static analysis can reduce vulnerabilities considerably. 

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

At the moment, PVS-Studio is developing not only as a static analyzer searching for code quality defects (quality control solution) but also as a solution for searching for security and safety defects.

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

by Nikolay Mironov, Paul Eremeev

From the article:

Well, to waste no time, let's point out the additions right away. So, here is what's new, safe, and cool in PVS-Studio:

  • New diagnostic groups OWASP ASVS and The AUTOSAR C++14 Coding Guidelines have been added to the analyzer. Previously, the compliance of PVS-Studio diagnostic rules with these standards was available only on our website. Now we have more than 50 new diagnostic rules!
  • Now the analyzer shows information about the compliance of the warnings with the SEI CERT Coding Standard. This information formerly was available only on the PVS-Studio website.
  • The interface of our plugins for Visual Studio, JetBrains Rider, and IntelliJ IDEA has been improved to ease the work with analyzer messages that have safety and security standards identifiers.
  • New diagnostic groups (OWASP, AUTOSAR) in PlogConverter are supported.
  • New diagnostics (OWASP, AUTOSAR) are supported in SonarQube at the tag level. We classified our diagnostic rules by OWASP Top 10.