Hacker News

It is true that they are different, but also, given the significant overlap between the two, people will reasonably talk about them together.


From a safety perspective they aren't very close, there is a reason that all these CVE bugs are C code.


I haven't seen conclusive evidence that this is the case, do you happen to have an analysis of this somewhere?

Of course, C++ offers you tools that C doesn't, but some of those tools have their own sharp edges as well. Plus, many C++ codebases are "C with classes" style or similar hybrids, those are still ultimately C++ programs, not C ones.


Counterexamples would be s2n, grpc, putty, postfix, that are either C with classes or non-PDP C. I suppose in postfix security design was an afterthought and added gradually, but at least it was thought.


I think this means you're making the opposite argument that most C++ folks do, which is that C with classes is bad, and more prone to security issues than "modern C++" is.


My argument is that C with classes is bad when it uses bad security practice, not because it must be bad.


If the code compiles with a C++ compiler, for better or worse it is C++ as well; it might be C-style C++ code, which is nonetheless part of the grammar, semantics and libraries defined by the ISO C++ standard.

And that is the deal, lack of security culture.



