"The Move to Memory-Safe Programming"
In November 2022, the National Security Agency (NSA) suggested using memory-safe programming languages to protect against software-memory safety problems. The "Future of Memory Safety" report published earlier this year by Consumer Reports advocated memory-safe languages. Azalea Raad, a senior lecturer in the Department of Computing at Imperial College London, emphasizes that the prevalence of security issues, of which memory safety vulnerabilities are one of the primary causes, is one of the main reasons why memory-safe languages are gaining popularity at this time. Memory safety is a factor of programming languages that prohibits memory-access vulnerabilities such as out-of-bounds reads and writes and use-after-free bugs. For example, in an application that manages a list of to-do items, an out-of-bounds read could mean accessing the nonexistent sixth item in a list of five. A use-after-free bug could involve accessing an item on a to-do list that has already been deleted. These flaws could lead to unauthorized access to confidential data, data corruption, or even the execution of unauthorized code. Raad explains that an out-of-bounds read may result in reading from adjacent blocks in memory potentially containing sensitive data. Similarly, an out-of-bounds write can lead to the hijacking of the program's control flow and the execution of privileged or malicious code by overwriting sensitive information in memory. With memory-safe programming languages, these errors are discovered during compile time or runtime. Errors are flagged at compile time so they can be corrected. When detected at runtime, they cause crashes rather than enabling unchecked access to memory, thus limiting possible damage and preventing security vulnerabilities. This article continues to discuss the shift to memory-safe programming languages.