I’m digging into Software Security: Building Security in by Gary McGraw and I came across a strong opinion on C and C++:
If you are concerned about buffer overflow problems and other basic software security bugs, don’t use C. If you must use C, use a source code security scanner. By the way C++ is even worse than C from a security perspective. C++ is C with an object model crammed halfway down its throat.
Ouch.