undefined | Better HN

0 pointsmiohtama5mo ago0 comments

You can find historical SQLite CVEs here

https://www.sqlite.org/cves.html

Note that although code matures the chances of C Human error bugs will never go to zero. We have some bad incidents like Heartbleed to show this.

0 comments

hnlmorg5mo ago

Heartbleed was a great demonstration of critical systems that were under appreciated.

Too few maintainers, too few security researchers and too little funding.

When writing systems as complicated and as sensitive as the leading encryption suite used globally, no language choice will save you from under resourcing.

ziotom785mo ago

Right, but I believe nobody can claim that Human error bugs go to zero for Rust code.

john_the_writer5mo ago

Agreed. I rather dislike the idea of "safe" coding languages. Fighting with a memory leak in an elixir app, for the past week. I never viewed c or c++ as unsafe. Writing code is hard, always has been, always will be. It is never safe.

simonask5mo ago

This is a bit of a misunderstanding.

Safe code is just code that cannot have Undefined Behavior. C and C++ have the concept of "soundness" just like Rust, just no way to statically guard against it.

2 more replies

jen205mo ago

A memory leak is not a memory safety issue.

1 more reply

j / k navigate · click thread line to collapse