It’s Not C
Brent Simmons looks at the Heartbleed Bug and the Goto Fail and blames C: That Pretty Much Wraps it Up for C.
This is wrong, and also dangerous.
Wrong: Any computer language capable of doing real work is also capable of being confusing, capable of being misused, capable of being subverted. That’s why they call it a language. Both these errors were deep in trusted system code, written and reviewed by experts and hiding in plain sight; bugs are like that. The open source charlatans have been shouting for years that it Can’t Happen Here. It did. Twice in two months.
Dangerous: Powerful people wish folks like Brent and me – people who write programs – were all safely inside the military-entertainment complex. If they could lock down computing even more – licenses for programmers, permits for running applications, banning software not sanctioned by the government or by a Fortune 500 company – they could extract better prices. You wouldn’t actually get fewer bugs: you’d just never find out about them. Your mail wouldn’t be more secure; you’d only find out about the insecurity when they knocked on your door, or mysteriously misdirected an embarrassing email to the press, or somehow your “sealed bid” was leaked to your rival, or your daughter’s chat transcript mysteriously got posted to Facebook.
There’s reason to think that goto, and maybe Heartbleed, were deliberate errors introduced by subverted programmers. Abjuring C isn’t going to protect you from that. Hell: we can barely protect against embezzlement – the introduction of intentional errors in adding up a bunch of numbers. Most programs are more complicated than that.
If you have free speech, you risk dangerous speech. If you have free computing, you risk dangerous programs.
Update: Brent’s reply is generous and absolutely right.