The future of secure programming in C++ is once again a topic of discussion within the standardization community. The so-called Safe C++ proposal, which was presented a year ago as a way to integrate stronger security guarantees into the language, will not be further developed.
This is evident from recent discussions and posts on Reddit, among other places. Sean Baxter, one of the original authors, confirms the news.
Safe C++ was intended as an optional context in which code would receive the same strong guarantees as in Rust. These include memory safety, type safety, and protection against race conditions. The idea was that existing code would continue to function as usual, while newly written or modified parts could run within a secure context. The proposal thus seemed to bridge the gap between current practice and a safer future for C++. Nevertheless, the concept remained controversial.
According to Baxter, the Safety and Security Study Group preferred the so-called Profiles project. This initiative also aims to increase security, but does so through restrictions and rules that developers can voluntarily enable. Instead of introducing new language constructs, Profiles mainly impose compile-time restrictions. These are supplemented by a few runtime checks. Anyone who activates a profile commits to those rules, but without a profile, C++ continues to function as usual.
Plans not concrete enough
According to proponents, the advantage of this approach is that it is more in line with the existing language philosophy and, therefore, easier to adopt in practice. Bjarne Stroustrup, the creator of C++, has stated in various contexts that he supports Profiles. At the same time, The Register points out that critics still find the plans too vague. There is no widespread implementation yet, and some doubt whether the promised guarantees go far enough.
During votes within the committee, it became clear that Safe C++ did indeed have support, but not enough to push it through. About twenty members expressed support for further development, while a majority preferred Profiles. This does not mean that the proposal has been formally rejected, but the community’s attention is now focused elsewhere.
For developers, this means that C++26, the next major standard, will primarily introduce security improvements through these profiles and refinements in the standard library. A separate secure library, as proposed by Safe C++, will not be implemented. It is a more pragmatic course, with less radical changes than initially thought.