"The Urgent Need for Memory Safety in Software Products"

The secure-by-design white paper from the US Cybersecurity and Infrastructure Security Agency (CISA) outlines three fundamental principles for software manufacturers: accept responsibility for customer security outcomes, embrace radical transparency, and lead security transformations from the top of the organization. Solutions to the issue of memory unsafety will include all three of these principles. CISA calls on software manufacturers to prioritize reducing and eventually eliminating memory safety vulnerabilities in their product lines. Companies can publish a "memory safety roadmap" that includes information about modifying their Software Development Lifecycle (SDLC) to accomplish this objective. A roadmap could include information such as the date after which it will build new products or components in a memory-safe programming language and plans for supporting the memory safety initiatives of open-source libraries that are part of their supply chain. This article continues to discuss the importance of memory safety in software products. 

CISA reports "The Urgent Need for Memory Safety in Software Products"

Submitted by Gregory Rigby on