Teacher
Professional
- Messages
- 2,670
- Reaction score
- 780
- Points
- 113
Regulators are confident that there will be no problems if you approach the development a little more seriously.
The Biden administration continues to put pressure on the IT industry to change its approach to software development. Regulators are concerned that over time, the problem of vulnerabilities in software products has not been resolved. This means that in order to prevent hacks and leaks, you should release solutions that will be safe initially.
On Monday, the US National Cybersecurity Administration issued a call for greater use of secure memory programming languages. Such a phenomenon as vulnerabilities in security systems appeared back in the 1980s due to errors in memory management and still remain the cause of major incidents.
"To significantly reduce the potential for cyber attacks, it is necessary to eliminate entire classes of vulnerabilities by implementing secure system solutions," said National cyber director Harry Coker, presenting a new technical report for the industry.
The report was supported by executives from major IT companies, including SAP, Hewlett Packard Enterprise, and Honeywell. According to the White House, the document " shifts responsibility for cybersecurity from individual users and small companies to large organizations that are able to effectively counter constantly changing threats.
The report mentions C and C++ as examples of popular but unsafe languages. The recommended replacements are Rust, Python, and Java. The White House recommends that top managers of companies, and not just engineers, give priority to this issue.
A full transition to secure languages can take decades and require considerable effort, but those who take action will definitely benefit. The difficulty of the transition explains why, over the past 34 years, attackers have consistently managed to find loopholes in security systems. But now our technical capabilities have obviously moved forward several levels.
The report published by the White House is the next step in the implementation of the executive order on cybersecurity signed by Biden and the recently presented national strategy in this area.
Other U.S. government agencies, including the National Security Agency (NSA), are also urging tech companies to consider security issues at the earliest possible stage. In particular, the CISA agency launched the Secure by Design initiative ("Secure from the moment of Design"), aimed at implementing the principles of secure software development.
The Biden administration continues to put pressure on the IT industry to change its approach to software development. Regulators are concerned that over time, the problem of vulnerabilities in software products has not been resolved. This means that in order to prevent hacks and leaks, you should release solutions that will be safe initially.
On Monday, the US National Cybersecurity Administration issued a call for greater use of secure memory programming languages. Such a phenomenon as vulnerabilities in security systems appeared back in the 1980s due to errors in memory management and still remain the cause of major incidents.
"To significantly reduce the potential for cyber attacks, it is necessary to eliminate entire classes of vulnerabilities by implementing secure system solutions," said National cyber director Harry Coker, presenting a new technical report for the industry.
The report was supported by executives from major IT companies, including SAP, Hewlett Packard Enterprise, and Honeywell. According to the White House, the document " shifts responsibility for cybersecurity from individual users and small companies to large organizations that are able to effectively counter constantly changing threats.
The report mentions C and C++ as examples of popular but unsafe languages. The recommended replacements are Rust, Python, and Java. The White House recommends that top managers of companies, and not just engineers, give priority to this issue.
A full transition to secure languages can take decades and require considerable effort, but those who take action will definitely benefit. The difficulty of the transition explains why, over the past 34 years, attackers have consistently managed to find loopholes in security systems. But now our technical capabilities have obviously moved forward several levels.
The report published by the White House is the next step in the implementation of the executive order on cybersecurity signed by Biden and the recently presented national strategy in this area.
Other U.S. government agencies, including the National Security Agency (NSA), are also urging tech companies to consider security issues at the earliest possible stage. In particular, the CISA agency launched the Secure by Design initiative ("Secure from the moment of Design"), aimed at implementing the principles of secure software development.
