“While formal methods have been studied for decades, their deployment remains limited; further innovation in approaches to make formal methods widely accessible is vital to accelerate their broad adoption.” — White House

Well gosh. I applied to US research programs with an interest in formal methods and was rejected absolutely across the board. Good luck to you. ↑

I’ve been in the industry long enough to know that there’s a significant number of devs that will refuse to adopt new language standards. I’m 100% confident there are C++ devs still writing C++03 style code. Both because they simply haven’t taken the time to know what’s in C++11 and later and because they have some mistrust and even irrational fears about enabling C++11 and later feature sets on their codebases. ↑

It’s unfortunate that Mr. Sutter still throws C and C++ into one bucket, and then concludes that bounds checking is a problem that "we" have. This data really needs to be split into three categories: C, C++ as written by people that will never progress beyond C++98, and C++ as written by people that use modern tools to begin with. The first two groups should be considered as being outside the target audience for any kind of safety initiative. ↑

C++ has too much undefined behaviour to become a safe programming language in the foreseeable future. One way or another, all the C++ experts cited here agree on that.

<…​> the narrative of C++ as inherently unsafe oversimplifies the situation. The language has undergone substantial evolution, with modern iterations emphasizing safer memory practices without compromising the language’s core principles of efficiency and control.

The journey toward making C++ a safer language is complex and fraught with challenges. However, the discussions and proposals led by Stroustrup and supported by the broader C++ community suggest a forward path that respects the language’s legacy while addressing the pressing needs of modern computing.

Right now, many of the articles about modern C++ and memory safe C++ end up preaching to the choir. The advice doesn’t reach all corners of industry, and many places in academia are stuck in their ways. If you go to small CS programs at small schools, you will frequently find people learning C++ as C++ 98 or C++03, so they see C++ as “C with Classes and Templates” or “Java without a GC”. ↑

Old codebases need maintenance. It is a technical debt that comes due eventually. The most direct approach to improve security and quality of C++ project is to migrate to more recent C++ specification and compilers. Adding layer of "rust" to old codebases is not going to make them safer or better. ↑

<…​> the internet likes to perpetuate the myth that C++ is a soon-to-be-dead language. I’ve seen many people say not to learn C++ because Rust can do basically everything C++ can do but is much easier to work with and almost guaranteed to be memory safe. This narrative is especially harmful for new developers who focus primarily on what languages they should gain experience in. This causes them to write off C++ which I think is a huge mistake because it’s actually one of the best languages for new developers to learn.

Learning Rust is an interesting experience, because while many things initially feel like "this is a special problem only I’m having", later one realizes that there’s a few fundamental patterns that are universal, and that everyone learning has to re-discover and internalize in order to be productive. <…​> there is an overwhelming force in the Rust community that when anyone mentions they’re having problems with Rust the language on a fundamental level, the answer is "you just don’t get it yet, I promise once you get good enough things will make sense" <…​> The problem you’re having is only a problem because you haven’t tried hard enough.

The vast majority of opinions that people espouse relate to their need to justify their decisions and should be of no interest to you. They are not trying to help you, they are trying to help themselves. Carry on. Good luck. ↑

I think programming is like running a dishwasher. It always takes longer than you think and some stuff is never as clean as you expected it to be.