[OT] NSA guidance on software security
Nick Treleaven
nick at geany.org
Fri Nov 11 14:52:51 UTC 2022
On Friday, 11 November 2022 at 08:34:39 UTC, Siarhei Siamashka wrote:
>
> But even if they decide to provide a complete list of
> recommended programming languages, in NSA's shoes I would avoid
> recommending D yet. Because it is not @safe by default and the

Just declare main @safe.

> @system code in "-release" builds has no bounds checking (so
> goodbye memory safety).

Either:
1. Don't use -release if safety is a higher priority than performance.
2. Use -boundscheck=on
https://dlang.org/dmd-windows.html#switch-boundscheck

> Additionally, catching arithmetic overflows is the next safety
> frontier NSA may be looking into and D has nothing good to
> offer (the checkedint library is a fig leaf and non-practical
> in reality).

Memory unsafety is non-deterministic. Overflow/underflow is, so
it's much less important.