"No way to prevent this" say users of only language where this regularly happens
In the hours following the release of
CVE-2024-22252 for the project
VMWare ESXi, site reliability workers and
systems administrators scrambled to desperately rebuild and patch all
their systems to fix a vulnerability that allows someone with root
access to a guest domain to execute arbitrary code as the VMX host
process. This is due to the affected components being written in C, the
only programming language where these vulnerabilities regularly happen.
"This was a terrible tragedy, but sometimes these things just happen and
there's nothing anyone can do to stop them," said programmer Lady
Lurline Schuster, echoing statements expressed by hundreds of thousands
of programmers who use the only language where 90% of the world's memory
safety vulnerabilities have occurred in the last 50 years, and whose
projects are 20 times more likely to have security vulnerabilities.
"It's a shame, but what can we do? There really isn't anything we can do
to prevent memory safety vulnerabilities from happening if the
programmer doesn't want to write their code in a robust manner." At
press time, users of the only programming language in the world where
these vulnerabilities regularly happen once or twice per quarter for the
last eight years were referring to themselves and their situation as
"helpless."