Use Rust or C#, abandon C++: Five Eyes agencies warn about memory safety in programming languages

In context: Common memory safety bugs can lead to dangerous security vulnerabilities such as buffer overflows, uninitialized memory, type confusion, and use-after-free conditions. Attackers can exploit these bugs to compromise entire operating systems, steal users' data, or run malicious code on the vulnerable systems. Most importantly, these types of bugs are the most prevalent in shipping software today.


The issues with memory safety have become a serious concern for the world's most important intelligence and cyber-security agencies, commonly known as the Five Eyes. A new paper jointly released by the US Cybersecurity and Infrastructure Security Agency (CISA), NSA, FBI, and other security agencies from Australia, Canada, the UK, and New Zealand is calling for a massive switch to new and effective memory safety coding standards.


These vulnerabilities represent a major problem for the software industry, CISA states, as they force manufacturers to release non-stop security updates that customers will have to apply to their software. Memory-safe languages (MSLs) that are "safe by design" would eliminate memory safety vulnerabilities; software manufacturers should therefore move away from C, C++ and other "vulnerable" languages and quickly adopt Rust, C#, Go, Java, and other modern coding platforms.


Microsoft acknowledged that memory safety bugs account for 70% of the CVE-listed security vulnerabilities fixed in Windows since 2006, and Google provided a similar figure (67%) for zero-day vulnerabilities discovered in the Chromium project in 2021 alone.


Aptly called "The Case for Memory Safe Roadmaps", the new document is intended to promote memory safety programming among C-Suite executives and technical experts. Software companies must hasten their transition to memory safety programming languages (MSLs) ..