Американское агентство по кибербезопасности и инфраструктуре (оказывается, и такое бывает) требует явного запрета на C/C++ там, где существует "memory-safe" альтернатива. Запрет в новых продуктах, и требует роадмап на переписывание существующих продуктов.

Господа, это песец, я считаю, — но если требованием сертификата соответствия продукта станет минимизация количества нативного кода- то компаниям ничего не остаётся делать.

https://www.cisa.gov/resources-tools/resources/product-security-bad-practices

The development of new product lines for use in service of critical infrastructure or NCFs in a memory-unsafe language (e.g., C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety.

For existing products that are written in memory-unsafe languages, not having a published memory safety roadmap by January 1, 2026 is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. The memory safety roadmap should outline the manufacturer’s prioritized approach to eliminating memory safety vulnerabilities in priority code components (e.g., network-facing code or code that handles sensitive functions like cryptographic operations). Manufacturers should demonstrate that the memory safety roadmap will lead to a significant, prioritized reduction of memory safety vulnerabilities in the manufacturer’s products and demonstrate they are making a reasonable effort to follow the memory safety roadmap.