Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Benedict Collins

The White House urgently wants memory-safe programming languages to be used by developers

Digital US flag.

Tech companies need to switch to memory-safe programming languages to boost software security, the White House Office of the National Cyber Director (ONCD) has said.

Programming languages such as Rust help to protect against memory related vulnerabilities, which Microsoft has previously said accounts for up to 70% of all security vulnerabilities in software developed using unsafe languages.

This latest call from the White House comes as the US looks to service providers and software vendors to protect the nation's cyberspace as part of the March 2023 National Cybersecurity Strategy.

Finally fixing a 35 year issue

Memory-unsafe programming languages can leave software plagued with issues relating to memory access, which can be abused using double free, buffer overflow, and use after free vulnerabilities.

The report [PDF] issued by the ONCD stated that, “For over 35 years, this same class of vulnerability has vexed the digital ecosystem. The challenge of eliminating entire classes of software vulnerabilities is an urgent and complex problem. Looking forward, new approaches must be taken to mitigate this risk.

“The highest leverage method to reduce memory safety vulnerabilities is to secure one of the building blocks of cyberspace: the programming language. Using memory safe programming languages can eliminate most memory safety errors.”

Several calls have been made by a number of private and governmental bodies, with the NSA issuing guidance for developers on using memory-safe languages in November 2022, followed by a similar Cybersecurity & Infrastructure Security Agency (CISA) report a year later in December 2023.

The Biden administration has significantly stepped up collaborations between public and private institutions to collaborate on cybersecurity, as state-sponsored threat actors from China, Russia and Iran have increasingly targeted vital US infrastructure in highly disruptive attacks.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.