On June 24, the National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Information Sheet (CSI) to highlight the importance of adopting memory safe languages (MSLs) in improving software security and reducing the risk of security incidents.
Memory safety affects all software development and is a critical aspect of a holistic approach to security. Adopting MSLs will directly improve software security for all.
The CSI, “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development,” details the benefits of MSLs, citing several examples and case studies, and highlights the additional advantages that MSLs bring to reliability and productivity. Reducing memory-related vulnerabilities is critical, and the consequences of not addressing memory safety vulnerabilities can be severe, including data breaches, system crashes, and operational disruptions.
MSLs incorporate built-in mechanisms, such as bounds checking, memory management, and data race prevention, to guard against various memory bugs and vulnerabilities. Without these safeguards, such weaknesses could be exploited by malicious actors. By embedding these safety features directly at the language level, MSLs prevent memory safety issues from the outset.
The authoring agencies urge organizations to consider whether adopting MSLs is practical for their circumstances, and provide adoption approaches and engineering considerations to ensure effective implementation of MSLs into their software. MSL adoption does not require existing code to be completely rewritten, and the report provides guidance on leveraging interoperability to integrate with existing codebases. The report also details ways non-MSLs can be made safer in cases where adopting an MSL is not practically feasible.
To strengthen national cybersecurity and reduce memory vulnerabilities, software producers, especially those for National Security Systems (NSS) and critical infrastructure, should utilize this guidance to plan for and begin using MSLs for their software systems.
Read the full report, “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development.”
Source: NSA