Abandon C++ and trust Rust, Five Eyes spies urge

Brother

Five Eyes intelligence services dictate new programming trends.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, strongly recommends that business and technology leaders focus on memory safety when developing software. The agency published a report entitled "Protecting Memory: The Way Forward", which emphasizes that memory safety errors often have serious consequences and need to be eliminated.

Memory safety bugs, such as buffer overflows, use of uninitialized memory, type confusion, and use of freed memory, can be exploited by attackers to take control of systems, steal data, or execute arbitrary code.

CISA, together with the National Security Agency (NSA), the FBI, and cybersecurity authorities in Australia, Canada, the United Kingdom, and New Zealand, is calling for better compliance with design-stage security guidelines supported by all of these organizations.

The agency encourages software vendors to address memory safety by developing and publishing roadmaps for eliminating such vulnerabilities in their products. The purpose of such a public declaration is to show customers that the vendor takes responsibility for security issues.

The memory safety issue has attracted widespread attention, including from Consumer Reports, which points to public awareness of the problem. For example, Microsoft admitted that about 70% of its vulnerabilities are related to memory safety errors, and Google confirmed similar statistics for the Chromium project.

CISA advises developers to use programming languages that ensure memory safety, such as C#, Go, Java, Python, Rust, and Swift.

Bjarne Stroustrup, the creator of C++, defends his language, claiming that ISO-compliant C++ can provide type and memory safety when used with appropriate tools. However, this does not detract from the interest in Rust and other safe languages.

CISA concludes that the most promising way to eliminate memory safety vulnerabilities is to standardize on secure programming languages and migrate critical software components to these languages.
 