https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/
A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.
[...] Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.
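The "knock-on problems with mathematical comparisons" above are a classic C pitfall, so here is a constructed illustration of the pattern (added here; this is not code from The Register article, from unrar or from Windows Defender, and the function names and the buffer-position scenario are invented). A decoder holds a read position `pos` inside a buffer that ends at `end` and asks how many bytes remain before copying them. The signed version rejects a position past the end; after a blanket signed-to-unsigned rewrite the same check only catches an exact zero, and a wrapped subtraction sails through as a length just under 4 GiB.

```c
#include <stdio.h>
#include <limits.h>

/*
 * Constructed illustration (not the unrar or Windows Defender code).
 * `pos` is a read offset, `end` is one past the last valid byte.
 */

/* Signed version: the "nothing left / went past the end" check works. */
int tail_length_signed(int pos, int end)
{
    int remaining = end - pos;
    if (remaining <= 0)        /* pos at or beyond end: refuse */
        return -1;
    return remaining;
}

/* Same code after a blanket signed->unsigned rewrite. `remaining <= 0` can
 * now only catch the exact value 0; when pos > end the subtraction wraps
 * modulo 2^32 to a huge count that the check accepts. */
unsigned tail_length_unsigned(unsigned pos, unsigned end)
{
    unsigned remaining = end - pos;   /* wraps when pos > end */
    if (remaining <= 0)               /* effectively `== 0`: dead as a bounds check */
        return 0;
    return remaining;
}

/* Hardened unsigned version: compare before subtracting, so the wrap can
 * never happen. Returns -1 on rejection, otherwise the byte count. */
long long tail_length_checked(unsigned pos, unsigned end)
{
    if (pos >= end)
        return -1;
    return (long long)(end - pos);
}

int main(void)
{
    /* Normal case: all three agree. */
    printf("in range:  signed=%d unsigned=%u checked=%lld\n",
           tail_length_signed(2, 10), tail_length_unsigned(2, 10),
           tail_length_checked(2, 10));

    /* Position already past the end: only the unsigned version reports a
     * length, and that length is UINT_MAX - 4, which a following memcpy
     * would treat as the number of bytes to move. */
    printf("past end:  signed=%d unsigned=%u checked=%lld\n",
           tail_length_signed(10, 5), tail_length_unsigned(10, 5),
           tail_length_checked(10, 5));
    return 0;
}
```

The same dead-check effect hits `i >= 0` loop guards and `x < 0` error tests once the variable becomes unsigned; compilers flag some of these (`-Wtype-limits`, `-Wsign-compare`), which is one reason to build with warnings enabled when doing a type sweep like the one described.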
(Score: 2) by leftover on Tuesday April 10 2018, @02:24AM
I have to agree with this plus add a spin. IMHO, the arcane convolutions in C are a clear problem for maintaining code. Even trying to debug your own code six months later is a PITA. C++ did some nice language things but, again IMHO, borked the whole field with Object-Oriented Programming. I hated OOP when it was first emerging and I still hate it now from both viewpoints of coder and manager. In OOP, the coder needs to mentally integrate all the external classes, methods, operators, namespaces, etc. plus entire new buckets of this shit added for every library used. Damned few people can achieve that for even a short time. The inevitable result is bugs and non-functionality, insane levels of bloat. In short, what we are seeing in the entire computing industry. Billion-dollar projects abandoned, mass-market products that never work cleanly for their entire lives, open-source fields populated with twenty alternatives that don't work, all adding up to a truly staggering waste of resources. Additionally, hiring only people who claim to be OOP super-performers will result in a corral full of bloviating assholes.
Algol had the right idea with good structure and just a little bit of abstraction. Adding more than a pinch of abstraction is as harmful as adding too much paprika to deviled eggs. Of current options, I find myself liking Google's Go enough to overcome my anger at their becoming evil. Pointers, optional dynamic typing and garbage collection, optional strong typing in a compiled language. It looks much like Python code written without OOP. Learn the simple language rules and you can write or debug any function|code put in front of you. You can be interrupted and not need four hours plus counseling to get back in the groove. I have written Go code for workstation clusters and microcontrollers. Does it hide all the differences between them? Nope, nor would I want it to.
(Don't even let me get started on the proliferation of event loops!)
Bent, folded, spindled, and mutilated.