Ah, now I realize that you don't necessarily meant something like an ISO standard. I definitely agree that a programm language should have some kind of normative specification and it's not sufficient to say "the spec is the behavior of the compiler".
> Again, I ask for a reference, "according to what?" I understand this is the zeitgeist.
I think that at this point it is pretty well-established that the majority of security CVEs in C or C++ applications are caused by memory safety bugs. For sources see https://www.cisa.gov/news-events/news/urgent-need-memory-saf.... As a C++ dev this totally makes sense. (I just happen to work in a domain where security doesn't really matter :)
To be clear: I definitely don't think that all C or C++ code should be rewritten in Rust. But for components that are exposed to the public internet or accept untrusted user input it totally makes sense.
Can I ask what that domain is?
Audio and multimedia art.
thanks