The US Office of the National Cyber Director has put out a report on “a path towards secure and measurable software” <https://devclass.com/2024/02/27/white-house-demands-memory-safe-programming-languages-but-iso-c-group-says-its-only-part-of-solution/>. It talks a lot about memory safety, including hardware techniques such as the old “capabilities” idea being resurrected in the CHERI project. And the Rust Foundation has chimed in with some comments about use of their language which is specifically designed to enforce memory safety. But a group of C++ fans has counterclaimed that memory safety is only “a very small part of security”, and that “C++ benefits from having a formal specification, a fully-specified memory model, and an active community of users and implementers”, and that education can improve the quality of code written in C and C++. It also tries to imply that Rust is somehow less desirable because it lacks a formal specification.