White House calls for abandonment of C and C++ programming languages

The Biden administration is demanding a transition to secure programming languages.

The Office of the National Director for Cybersecurity (ONCD) of the US White House, in a report on ways to reduce the number of vulnerabilities in projects and improve software reliability in the future, called on software developers to abandon, in the long term, the memory-unsafe programming languages C and C++ and switch to more modern languages with strong memory safety, for example Rust, Python, and Java.

Representatives of ONCD explained that such vulnerabilities stem from errors in memory management, such as how memory is accessed, filled, allocated and freed. They occur when software accesses memory in ways that were not intended or are unsafe, thereby creating security risks. For example, hackers can use these vulnerabilities to gain unauthorized access to user data or to run malicious code on the device. Recent research by Microsoft and Google has shown that about 70% of all security vulnerabilities are caused by memory safety issues, the report says.

The ONCD report notes that such vulnerabilities have been a serious problem for the digital ecosystem for more than 35 years, and that addressing entire classes of software vulnerabilities is extremely important and requires urgent action. The organization emphasizes that it is important to introduce new approaches to reduce such risks.

The White House said in a press release that technology companies can "prevent entire classes of vulnerabilities by keeping them out of the digital ecosystem" by choosing secure programming languages.

At the same time, ONCD understands that the transition to new programming languages will take time and may take many years, perhaps even decades. However, they are confident that developers who make the right choice in favor of security will benefit in the long run by getting a more secure environment for developing and promoting their projects.

The authors of the report note that "the most effective way to reduce the number of memory security vulnerabilities is to guarantee the reliability of one of the components of cybersecurity: the programming language. Using programming languages that provide memory security can eliminate most memory security errors." Rust is mentioned as an example of a particularly suitable language.

Previously, the US National Security Agency also recommended that organizations switch to more secure programming languages such as C#, Go, Java, Ruby, Rust, and Swift to avoid certain types of memory management vulnerabilities. According to the NSA report, attackers are increasingly beginning to exploit vulnerabilities related to memory management, as C and C++ do not provide the proper level of security when working with it. According to the document, with the help of these security breaches, hackers can easily access confidential information, execute arbitrary code, and disrupt software supply chains.
 