Daily News Update: Monday, March 3, 2025 (Australia/Melbourne)
This post is an AI-generated summary of News Articles from a handful of publications over the last 24 hours. No credit is taken for the contents of said articles or the accuracy thereof.
C++ Creator Calls for Help to Defend Programming Language from 'Serious Attacks'
Urgent Call for Action in the C++ Community
Bjarne Stroustrup, the creator of C++, has raised alarms regarding the programming language's memory safety issues. Over recent years, C and C++ have faced criticism from cybersecurity experts for their reliance on manual memory management, which leads to vulnerabilities like out-of-bounds reads and writes. These vulnerabilities are prevalent in large codebases and have been linked to significant security breaches.
Stroustrup's call to action highlights the need for the C++ community to address these concerns, especially as many organizations are shifting towards languages with better memory safety features, such as Rust and Go. He has proposed several initiatives aimed at improving memory safety within C++, including:
- TrapC
- FilC
- Mini-C
- Safe C++
Despite these proposals, Stroustrup emphasizes that the community lacks a compelling narrative to counter the growing preference for Rust. He urges the C++ Standards Committee (WG21) to take decisive action, stating, "This is clearly not a traditional technical note proposing a new language or library feature. It is a call to urgent action partly in response to unprecedented, serious attacks on C++."
Stroustrup's concerns are echoed by other experts in the field. Robin Rowe, leading the TrapC project, doubts that the proposed Profiles will be ready in time to address the looming threats. He warns that enforcing Profiles could lead to significant code rewrites, which may not be feasible for many developers.
The urgency of this situation is underscored by a report from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which suggests that by January 1, 2026, manufacturers must have a memory-safety roadmap for products using memory-unsafe languages. Stroustrup considers this a credible threat to the future of C++.
The Register | "C++ creator calls for help to defend programming language from 'serious attacks'"
US Cyber Command Reportedly Pauses Cyberattacks on Russia
Shift in Cyber Operations Against Russia
Recent reports indicate that U.S. Defense Secretary Pete Hegseth has ordered a pause on offensive cyber operations against Russia. This decision has been confirmed by multiple news outlets, although the Cybersecurity and Infrastructure Security Agency (CISA) has denied any changes in its overall posture regarding cyber threats.
Cyber Command, which is responsible for defending the nation and engaging adversaries in the cyber domain, is now reportedly focusing on a strategy that may involve negotiating with Russia regarding its cyber activities, particularly in light of ongoing tensions related to Ukraine.
CISA's public statements emphasize that their mission remains unchanged, asserting that they continue to defend against all cyber threats, including those from Russia. However, the timing of these statements raises questions about the effectiveness of U.S. cyber operations, especially given Russia's history of cyberattacks against American targets.
The implications of this pause are significant, as it could embolden Russian cyber actors who have previously engaged in high-profile attacks against U.S. infrastructure. Analysts suggest that this shift may be part of a broader strategy to recalibrate U.S. foreign policy, allowing the administration to focus more on threats from China.
The Register | "US Cyber Command reportedly pauses cyberattacks on Russia"
Metadata
- Keywords: C++, memory safety, Bjarne Stroustrup, US Cyber Command, cybersecurity, CISA, offensive operations, Russia, programming languages, cyber threats.
