NSA & CISA Urge Adoption of Memory‑Safe Languages to Prevent Critical Vulnerabilities

The NSA and CISA have jointly issued a Cybersecurity Information Sheet (CSI), titled Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development, published on June 24, 2025. The guidance emphasizes that memory safety is "critical to a holistic approach to software security", and that using memory-safe languages (MSLs) can significantly lower the risk of memory-based exploits such as buffer overflows, use-after-free, and data races.

MSLs—including Rust, Go, Java, C#, Swift, Python, and Ruby—offer built-in defenses via bounds checking, automatic memory management, and race-condition prevention, shifting safety measures from developers directly into the language design. The agencies advise that full adoption need not require rewriting entire systems; instead, teams can integrate MSLs incrementally with interoperable components while securing legacy code with existing safeguards.
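To make the incremental approach concrete, here is an added example (not taken from the CSI) of a single parsing routine moved into Rust and exposed over the C ABI so a legacy C code base can call it. The record format, function names, and error codes are assumptions made for illustration.

```rust
// Added example: hypothetical record format [len: u8][payload: len bytes].
// A C parser that trusts `len` would read or write out of bounds; here the
// language's checked slicing turns that into an error code.
use std::slice;

pub const ERR_NULL: i32 = -1;
pub const ERR_TRUNCATED: i32 = -2;
pub const ERR_OUT_TOO_SMALL: i32 = -3;

/// Safe core: no raw pointers, every range is bounds-checked.
pub fn parse_record(input: &[u8], out: &mut [u8]) -> Result<usize, i32> {
    let (&declared, rest) = input.split_first().ok_or(ERR_TRUNCATED)?;
    let n = declared as usize;
    // `get` yields None instead of reading past the end of the input.
    let payload = rest.get(..n).ok_or(ERR_TRUNCATED)?;
    // `get_mut` yields None instead of writing past the caller's buffer.
    let dst = out.get_mut(..n).ok_or(ERR_OUT_TOO_SMALL)?;
    dst.copy_from_slice(payload);
    Ok(n)
}

/// C ABI shim for the legacy caller. A real build would also export the
/// symbol unmangled and compile this crate as a static or shared library.
/// Caller contract: each pointer is valid for the stated length, and the
/// two buffers do not overlap.
pub unsafe extern "C" fn msl_parse_record(
    input: *const u8, input_len: usize, out: *mut u8, out_cap: usize,
) -> i32 {
    if input.is_null() || out.is_null() {
        return ERR_NULL;
    }
    // The only unsafe step: trusting the lengths supplied across the boundary.
    let (src, dst) = unsafe {
        (slice::from_raw_parts(input, input_len),
         slice::from_raw_parts_mut(out, out_cap))
    };
    match parse_record(src, dst) {
        Ok(n) => n as i32,
        Err(code) => code,
    }
}

fn main() {
    let mut out = [0u8; 4];
    // Constructed inputs: the first declares 200 bytes but carries only 3.
    println!("{:?}", parse_record(&[200, b'a', b'b', b'c'], &mut out));
    println!("{:?}", parse_record(&[3, b'a', b'b', b'c'], &mut out));
}
```

The unsafe surface shrinks to the one block that converts the caller's pointers into slices, which is where review effort on the legacy boundary should concentrate.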

The guidance highlights the strategic benefits of adoption: it lowers the incidence of security incidents, improves system reliability, and can yield long‑term cost savings. However, organizations may need to invest in developer training, tooling, refactoring, and dependency management. Despite these challenges, a gradual adoption roadmap focused on high-value modules is recommended.

As part of the broader “Secure by Design” initiative and national cybersecurity strategy, this CSI reinforces previous frameworks like the White House’s 2024 Back to the Building Blocks technical report. The NSA and CISA encourage software producers—especially those creating National Security Systems or critical infrastructure software—to review the CSI and start integrating MSLs into their development practices.

Read the full CSI and strengthen software resilience with proactive memory safety strategies linked here.

Submitted by Regan Williams on