November 8th, 2024

The US government wants developers to stop using C and C++

CISA and the FBI urge developers to abandon memory-unsafe languages like C and C++ due to security risks, recommending a shift to memory-safe languages by January 1, 2026, despite challenges.


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are urging software developers to abandon "memory-unsafe" programming languages like C and C++. They argue that using these languages poses significant risks to national security, economic stability, and public safety due to vulnerabilities such as buffer overflows. A report highlighted that over half of the analyzed critical open-source projects contain code in memory-unsafe languages, which account for 70% of security vulnerabilities. CISA recommends transitioning to memory-safe languages like Rust, Java, and Python, which offer built-in protections against common memory-related errors. However, the transition is complicated by the extensive time and resources required to convert existing codebases, as well as potential performance trade-offs. Many developers are resistant to learning new languages, especially when they have years of experience with C and C++. CISA has set a deadline for companies to develop roadmaps for this transition by January 1, 2026, but skepticism remains regarding the feasibility of such a shift in the near term, with many businesses prioritizing immediate profits over long-term security investments.
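The summary above names buffer overflows as the kind of defect that memory-unsafe languages allow and that memory-safe languages guard against by construction. The following C snippet, added here as an illustration and not taken from the article or from any CISA material, shows the difference in the smallest possible form: a copy that trusts the caller about buffer sizes beside a copy that carries the destination size and refuses input that does not fit. The names `copy_name_unchecked`, `copy_name_checked` and `NAME_LEN` and the sample inputs are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed fixed-size destination for the example */

/* Memory-unsafe form: nothing relates the length of `src` to the size of
 * `dst`, so an input longer than NAME_LEN - 1 bytes silently writes past the
 * end of the buffer. This is the "before" form and is deliberately left as
 * written; it is never called with the oversized input below. */
void copy_name_unchecked(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);   /* copies until the NUL, whatever the destination size */
}

/* Hardened form: the caller states the destination size and the function
 * rejects, rather than truncates or overflows, when the input does not fit.
 * Returns 0 on success and -1 on rejection; `dst` is always NUL-terminated
 * on return (empty on rejection), so a caller cannot read stale bytes. */
int copy_name_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Bounded length scan: never reads more than dst_size bytes of src. */
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;

    if (n == dst_size) {        /* no room left for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);    /* n bytes plus the NUL */
    return 0;
}

int main(void)
{
    char name[NAME_LEN];
    /* constructed sample inputs */
    const char *ok       = "alice";
    const char *too_long = "this-name-is-far-too-long-for-sixteen-bytes";

    int r1 = copy_name_checked(name, sizeof name, ok);
    printf("checked(ok): %d -> \"%s\"\n", r1, name);

    int r2 = copy_name_checked(name, sizeof name, too_long);
    printf("checked(too_long): %d -> \"%s\"\n", r2, name);
    return 0;
}
```

The checked version is what a memory-safe language's runtime or type system does for every indexed write without the programmer having to remember it; in C the size has to be threaded through by hand at each call site, which is where the defects the article refers to come from.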

- CISA and FBI are advocating for the abandonment of C and C++ due to security risks.

- Over half of critical open-source projects analyzed use memory-unsafe languages.

- CISA recommends transitioning to memory-safe languages like Rust and Python.

- Transitioning to new languages is resource-intensive and may affect performance.

- Companies must create transition roadmaps by January 1, 2026, but skepticism about compliance exists.

5 comments
By @osetnik - 5 months
They tried it before [1]. It looks like it's more than just coincidence - even Torvalds tries to push Rust into the Kernel, and make the Kernel adapt to Rust [2], which is putting the whole thing on its head.

----

1. https://www.infoworld.com/article/3713203/white-house-urges-...

2. "Torvalds pointed out that there are kernel features that are currently incompatible with Rust; that is impeding Rust support overall."

https://lwn.net/Articles/991062/

By @gregjor - 5 months
As a C/C++ programmer I want the US government to stop wasting billions on failed IT projects, web sites that don’t work, systems that resist upgrading, and a rich vein of ongoing leaks and hacks.
By @oguz-ismail - 5 months
Damn. Did CIA run out of backdoors?