This working group recommends using a memory-safe by default language whenever possible or practical. However, when using a memory-safe by default language is not possible or practical, there are developer practices that will improve memory safety, even if it is not the default.
- Chromium is using the rule of 2 to improve security. This involves sandboxing unsafe code that processes untrusted input.
- Google's whitepaper summarizes most of the security mitigations they have in place for C++ including sanitizers, fuzzing, guidelines, and static analysis.
- Microsoft's response to NISTIR 8397 summarizes best practices to build reliable and secure C++ programs for the Windows platform.
- Apple's Secure Coding Guide includes generic advices for C, C++ and Objective C, as well as some platform specific guidelines.
- The C++ Core Guidelines is a collection of best practices to write better and safer C++.
- The C/C++ Hardening Guide discusses what compiler options to use to mitigate the risks of vulnerabilities getting exploited.