"The Federal Government is Moving on Memory Safety for Cybersecurity"

The appropriations bill recently passed by Congress addresses the use of memory-safe coding languages to deal with the vast majority of software vulnerabilities exploited by cyberattackers. The National Security Agency (NSA) said in a November information sheet that a malicious cyber actor could carry out malicious actions, such as crashing the program at will or altering the instructions of the executing program to do whatever the actor wants, by taking advantage of poor or careless memory management. According to the agency, how a software program handles memory is critical to preventing many vulnerabilities and ensuring a program's robustness. NSA recommends the adoption of memory-safe languages whenever possible. Memory-safe programming languages include JavaScript, Ruby, Python, and others. Unlike more regularly used memory-unsafe languages such as C and C++, they can provide significant defenses by controlling how memory is allocated, accessed, and managed. This article continues to discuss the issue of how coding languages could support software developers' management of memory getting attention from the National Security Council (NSC), Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), and Congress.

NextGov reports "The Federal Government is Moving on Memory Safety for Cybersecurity"