
NSA urges orgs to use memory-safe programming languages
2022-11-11 11:35

The US National Security Agency has released guidance encouraging organizations to shift from programming languages such as C and C++ to memory-safe alternatives, namely C#, Rust, Go, Java, Ruby or Swift.

"NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations," advised the agency.

The NSA gives the examples of a threat actor finding their way into a system through a buffer overflow or by leveraging software memory allocation issues.

Memory-safe languages use a combination of compile-time and runtime checks that automatically protect the programmer from introducing mistakes that turn into vulnerabilities.
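To make the runtime check concrete, here is an added example (not taken from the NSA guidance or the article) in Rust, one of the languages the guidance names. It parses a length-prefixed record whose length byte is untrusted; the wire format, function names and sample bytes are assumptions constructed for illustration.

```rust
// Assumed wire format (constructed for this example):
// one length byte, followed by that many payload bytes.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Empty,
    Truncated { declared: usize, available: usize },
}

/// Validates the declared length against the bytes actually present.
/// The returned slice borrows from `buf`, so the compiler rejects any
/// caller that tries to use it after `buf` has been dropped.
pub fn parse_record(buf: &[u8]) -> Result<&[u8], ParseError> {
    let (&len, rest) = buf.split_first().ok_or(ParseError::Empty)?;
    let declared = len as usize;
    // `get` bounds-checks the range and yields None instead of reading past the end.
    rest.get(..declared)
        .ok_or(ParseError::Truncated { declared, available: rest.len() })
}

/// The same logic with plain indexing and no explicit validation, as it
/// might look after a direct port from C. The bounds check is still
/// applied at runtime: an oversized length causes a panic, not an
/// out-of-bounds read of adjacent memory.
pub fn parse_record_plain_indexing(buf: &[u8]) -> &[u8] {
    let declared = buf[0] as usize;
    &buf[1..1 + declared]
}

/// Returns true if the plain-indexing version panicked on this input.
pub fn indexing_panics(buf: &[u8]) -> bool {
    std::panic::catch_unwind(|| {
        parse_record_plain_indexing(buf);
    })
    .is_err()
}

fn main() {
    // Constructed inputs: a well-formed record, and one whose length
    // byte claims 200 payload bytes while only 2 are present.
    let good = [3u8, b'a', b'b', b'c', 0xff];
    let bad = [200u8, b'a', b'b'];
    println!("{:?}", parse_record(&good));
    println!("{:?}", parse_record(&bad));
    println!("plain indexing panics on bad input: {}", indexing_panics(&bad));
}
```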

NSA cybersecurity technical director Neal Ziring said consistent use of memory-safe languages and other protections was necessary when developing software to eliminate such vulnerabilities.

Memory safety also comes with its own challenges: extreme levels of inherent protection have the adverse effect of making code difficult to compile, and costly.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/11/nsa_urges_orgs_to_use/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
NSA 2 0 12 0 2 14