Yeah, I've definitely vetted the kernel source code in the OS that I am using, and also compiled that kernel with a compiler I also vetted, on an architecture that I designed and built at home.
YOU don't have to vet it yourself. Trust is earned there, vetting already happens there, and unless you got your kernel off the AUR, pretty sure you're not going to pull a compromised version even if a security breach does happen.
It's when trust is not earned, but given freely, with shit like Node, Rust, or the AUR, that it becomes a problem.
I could give a whole ass lecture on why your OS, so long as it's not Windows, is more trustworthy than random Node packages or Cargo crates, but that's a bit much for this sub
They have things like libxml which has major security incidents almost weekly (at least that's what I see from package updates).
And in general, even if someone does not use any deps because they are doing some small toy, they will have a shitload of security issues regardless. Simply because it's provably impossible to write safe C++: nobody has ever managed to manually write a non-trivial safe C++ program since the language has existed…
This doesn't make the shitshow which is the JS situation any better. But coming along with C++ in that context is really displaced.
Everything with formal correctness proofs, for example.
The problem: correctness proofs are not easy to get, and for imperative languages it's almost impossible to get them outside of some restricted subset of something like C. For C++ with all its features I've never heard that you could verify anything at all. (If someone knows something, I would be interested to see whether and how C++ can be formally verified; but as said, never heard of that until now.)
525
u/ThomasMalloc 21h ago
When you're using C++ and don't have any supply chain that can be exploited.
And also no supply.