Security News > 2024 > February > White House: Use memory-safe programming languages to protect the nation

White House: Use memory-safe programming languages to protect the nation
2024-02-27 14:24

The White House is asking the technical community to switch to using memory-safe programming languages - such as Rust, Python, Swift, C#, Java, and Go - to prevent memory corruption vulnerabilities from entering the digital ecosystem.

To help with the transition, the White House Office of the National Cyber Director has released a report outlining why memory-safe programming languages and memory-safe hardware is needed, and outlines formal methods to give software developers greater assurance that entire classes of vulnerabilities - not just memory safety bugs - are absent.

"Our experience has demonstrated that formal methods combined with memory-safe programming languages provide a robust framework for eliminating vulnerabilities with unparalleled precision," commented Dan Guido, CEO of Trail of Bits.

"A recent report authored by CISA, the NSA, the FBI, and international cybersecurity agencies entitled The Case for Memory Safe Roadmaps, provides guidance for manufacturers with steps to implement changes to eliminate memory safety vulnerabilities from their products," the ONCD report says.

Jason Urso, CTO at Honeywell Connected Enterprises, noted that adding memory safe programming as part of the software design process will be a valuable addition to the cyber defense toolkit that includes network segregation, high security models, and real time threat and vulnerability assessments.

"The White House is taking a pragmatic approach, and is proposing to start this conversion with critical space systems, which is a good testing ground for the proposed approach. Preventing memory safety bugs is only the beginning of a long journey towards more secure software. Formal verification and confinement technologies are important tools in our arsenal, and I was happy to see that the White House is calling for further investment in these technologies," he added.


News URL

https://www.helpnetsecurity.com/2024/02/27/memory-safe-programming-languages/