Are programs/OSes written in D more secure than programs written in C/C++?

Paulo Pinto pjmlp at progtools.org
Thu Jun 7 02:18:05 PDT 2012


On Wednesday, 6 June 2012 at 22:04:27 UTC, J.Varghese wrote:
> I'm sure most of you have heard of the recent increase of high
> profile hacking and security violations. The PlayStation Network,
> RSA, LinkedIn, (today) and thousands of lower profile attacks.
> The Flame trojan also marks the rise of highly sophisticated
> state-sponsored cyberweapons.
>
> I'm not a programmer, so can someone explain this to me: Will
> programs and operating systems written in D be safer (I speak of
> both memory safety and security bugs) than existing operating
> systems written in C and C++? If so, what features and attributes
> of D make this the case? How much safer is it? Would it be
> possible to identify all the bugs in an OS written in D (within a
> reasonable timeframe) or is that still a pipedream?
>
> Thanks for replying. I have followed the development of D for a
> while. I just want to know how much safer D is than other
> languages. Curiosity and all that.

D has a few language features that help to minimize exploits:

- slices
- bounds checking
- stricter type checking
- GC
- reference parameters
- proper strings
- security layers among modules (system, trusted, safe)

Most C and C++ security exploits are due to:

- pointer arithmetic
- null terminated strings
- lack of bounds checking on array access
- usage of pointers to change input arguments

Sure enough, static analysis tools can help, but not everyone makes
use of them. Note that the C++ library can help, but requires that
the developers play by the rules.

But no language is 100% foolproof. You still need to take care that
data is properly handled (SQL, passwords, etc.) and if the OS does not
provide the proper security mechanisms, you can still tweak the
assembly code.

--
Paulo
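
An added example, not part of the original post: a C sketch of the idea behind the slices and bounds checking listed above, where a pointer always travels with its length and every access is checked against it. `slice_t`, its helper functions and the sample buffer are hypothetical names constructed for illustration; D reports an out-of-range access with a runtime error rather than a return code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a slice: the pointer never travels without its length. */
typedef struct { char *ptr; size_t len; } slice_t;

/* Checked element write: 0 on success, -1 when idx is out of range. */
int slice_set(slice_t s, size_t idx, char value) {
    if (idx >= s.len) return -1;
    s.ptr[idx] = value;
    return 0;
}

/* Checked sub-slice s[lo .. hi): replaces raw pointer arithmetic. */
int slice_sub(slice_t s, size_t lo, size_t hi, slice_t *out) {
    if (lo > hi || hi > s.len) { out->ptr = NULL; out->len = 0; return -1; }
    out->ptr = s.ptr + lo;
    out->len = hi - lo;
    return 0;
}

/* Checked copy: both lengths are known, so no scan for a terminating NUL. */
int slice_copy(slice_t dst, slice_t src) {
    if (src.len > dst.len) return -1;
    memcpy(dst.ptr, src.ptr, src.len);
    return 0;
}

/* Constructed layout: an 8-byte buffer with neighbouring data right after it. */
struct frame { char buf[8]; char neighbour[4]; };

/* Returns 1 when an oversized copy is refused and the neighbour is untouched.
   An unchecked strcpy(f.buf, input) would instead write past the end of buf. */
int demo_checked_copy(void) {
    struct frame f;
    char input[] = "AAAAAAAAAAAA";            /* 12 bytes, constructed input */
    memset(f.buf, 0, sizeof f.buf);
    memcpy(f.neighbour, "SAFE", 4);
    slice_t dst = { f.buf, sizeof f.buf };
    slice_t src = { input, strlen(input) };
    int rc = slice_copy(dst, src);
    return rc == -1 && memcmp(f.neighbour, "SAFE", 4) == 0;
}

int main(void) {
    printf("oversized copy refused, neighbour intact: %d\n", demo_checked_copy());
    return 0;
}
```
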



More information about the Digitalmars-d mailing list