On Monday, May 08, 2017 23:15:12 H. S. Teoh via Digitalmars-d wrote:
> Recently I've had the dubious privilege of being part of a department
> wide push on the part of my employer to audit our codebases (mostly C,
> with a smattering of C++ and other code, all dealing with various levels
> of network services and running on hardware expected to be "enterprise"
> quality and "secure") and fix security problems and other such bugs,
> with the help of some static analysis tools. I have to say that even
> given my general skepticism about the quality of so-called "enterprise"
> code, I was rather shaken not only to find lots of confirmation of my
> gut feeling that there are major issues in our codebase, but even more
> by just HOW MANY of them there are.

In a way, it's amazing how successful folks can be with software that's quite buggy. A _lot_ of software works just "well enough" that it gets the job done but is actually pretty terrible. And I've had coworkers argue to me before that writing correct software really doesn't matter - it just has to work well enough to get the job done. And sadly, to a great extent, that's true.

However, writing software that works just "well enough" does come at a cost, and if security is a real concern (as it increasingly is), then that sort of attitude is not going to cut it. But since the cost often comes later, I don't think that it's at all clear that we're going to really see a shift towards languages that prevent such bugs. Up front costs tend to have a powerful impact on decision making - especially when the cost that could come later is theoretical rather than guaranteed.

Now, given that D is also a very _productive_ language to write in, it stands to reduce up front costs as well, and that combined with its ability to reduce the theoretical security costs, we could have a real win, but with how entrenched C and C++ are and how much many companies are geared towards not caring about security or software quality so long as the software seems to get the job done, I think that it's going to be a _major_ uphill battle for a language like D to really gain mainstream use on anywhere near the level that languages like C and C++ have. But for those who are willing to use a language that makes it harder to write code with memory safety issues, there's a competitive advantage to be gained.

- Jonathan M Davis