The debate about the long-standing use of the programming language C has reached a boiling point, with the FBI and CISA warning of its dangers. The issue at hand is not that making mistakes in coding is a crime, but rather that one specific type of bug, the buffer overflow, can have catastrophic consequences. A buffer overflow occurs when data is copied into memory beyond a predetermined boundary, which may lead to errors in the system.
Experts suggest switching to more modern languages with robust defenses against creating such bugs. C, on the other hand, was born in a time when programmers had more freedom to create their own rules, but this comes at the cost of safety. The language lacks built-in safeguards, making it prone to errors.
However, experts emphasize that one does not have to abandon C entirely to be safer. Better testing practices, safe coding methods, and inspection tools can help mitigate such issues. Moreover, companies like Microsoft are spending billions on AI without addressing their own code quality problems, which is a clear example of neglecting responsibility.
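The boundary check that separates a buffer overflow from a rejected input, shown as an added example that is not taken from the article. The `account` struct, the function names and the sizes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16            /* constructed buffer size */
#define GUARD_VALUE 0xC0FFEEu  /* constructed marker for the adjacent field */

struct account {
    char     name[NAME_CAP];
    uint32_t guard;            /* sits right after name in memory */
};

/* Unsafe pattern: trusts the caller's length. With len > NAME_CAP the
   memcpy runs past name[] and tramples whatever follows it. */
void set_name_unchecked(struct account *a, const char *src, size_t len) {
    memcpy(a->name, src, len);
}

/* Safe pattern: compare the length against the boundary before copying.
   Returns 0 on success, -1 if the input (plus its NUL) does not fit;
   on failure the record is left unchanged. */
int set_name_checked(struct account *a, const char *src, size_t len) {
    if (a == NULL || src == NULL || len >= NAME_CAP)
        return -1;
    memcpy(a->name, src, len);
    a->name[len] = '\0';
    return 0;
}

int main(void) {
    struct account a = { "", GUARD_VALUE };
    char big[40];                       /* constructed oversized input */
    memset(big, 'A', sizeof big);

    /* Only the checked variant is exercised with the oversized input. */
    printf("short input:   %d\n", set_name_checked(&a, "alice", 5));
    printf("40-byte input: %d\n", set_name_checked(&a, big, sizeof big));
    printf("name=%s guard intact=%d\n", a.name, a.guard == GUARD_VALUE);
    return 0;
}
```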
It’s essential for businesses to take responsibility for the mistakes they make and to invest in better testing processes. The consequences of not doing so can be severe, with fines or even lawsuits possible if a company is found liable for an exploit caused by avoidable bad code. As such, it’s crucial to adopt more secure coding practices, including switching to safer, more modern languages.
Ultimately, the decision to switch away from C depends on individual business needs and goals. While transition costs are one-off expenses, the long-term benefits of adopting better coding practices can be substantial. By making a conscious effort to prioritize code quality and security, companies can avoid becoming relics of the past and stay competitive in an ever-evolving industry.
Source: https://www.theregister.com/2025/02/18/c_opinion