David Sankel
Adobe Principal Scientist, member of the International C++ Standards Committee
David Sankel is a Principal Scientist at Adobe and an active member of the C++ Standardization Committee. His experience spans microservice architectures, CAD/CAM, computer graphics, visual programming languages, web applications, computer vision, and cryptography. He is a frequent speaker at C++ conferences and specializes in large-scale software engineering and advanced C++ topics. David’s interests include dependently typed languages, semantic domains, EDSLs, and functional programming. He is the project editor of the C++ Reflection TS, Executive Director of the Boost Foundation, and an author of several C++ proposals including pattern matching and language variants.
Topic
Beyond the Hype: Mitigating the Real Risks of AI-Generated Code
AI coding tools are evolving at a breakneck pace. How do you build a stable developer workflow when the "best" tool changes weekly? And what non-obvious risks are you adopting along with the productivity gains? This session moves past the hype to deliver a practical framework for the "Day 2" problems of AI integration. We'll go beyond "it makes mistakes" and dissect the real-world issues we've seen: 1、The "plausible, not correct" hallucinations that slip past reviewers. 2、The long-term technical debt from AI-generated code bloat and maintainability issues. 3、The most critical hidden cost: the erosion of developer learning and expertise. You won't just leave with a list of problems; you'll get a checklist of solutions. We'll cover concrete mitigation strategies, including: how to use "pilot programs" and internal knowledge-sharing to manage the tooling chaos; a new code review mindset ("be curious, not trusting") essential for catching hallucinations; and a strategic framework for deciding when to let AI "vibe-code" versus when to protect your team's essential learning. You will leave this session with a healthy dose of realism and an actionable plan for harnessing AI's power safely and sustainably.
Safe C++ at Scale: A Defense-in-Depth Strategy
Industry data consistently shows that memory safety issues are the root cause of over 70% of high-severity vulnerabilities. This isn't just a legacy problem; statistics show that newly written code is the most likely source of these flaws. The most effective way to eliminate these bugs in new code is to use a memory-safe language. However, this isn't always a viable engineering trade-off due to interop costs, training, and project complexity. For the billions of lines of C++ that power our infrastructure, we need a robust, multi-layered approach. This talk presents a pragmatic, defense-in-depth strategy for C++ safety. We will outline a complete playbook, starting with sandboxing critical components like parsers and plugins to isolate their blast radius. We will then cover practical, high-impact toolchain hardening, from low-cost compiler flags to sanitizers and fuzzing. Finally, we will attack the root cause of all memory flaws—Undefined Behavior—and provide concrete techniques to eliminate it. You will leave with an actionable strategy to fortify your C++ codebases, today and into the future with emerging tools like C++26 Contracts.
