"NSA Releases Guidance on How to Protect Against Software Memory Safety Issues"

The National Security Agency (NSA) has issued guidance to help software developers and operators prevent and mitigate software memory safety issues, which make up a large portion of exploitable vulnerabilities. The "Software Memory Safety" Cybersecurity Information Sheet discusses how malicious cyber actors can use poor memory management to gain access to sensitive information, execute unauthorized code, and cause other negative consequences. Memory management flaws have been exploited for decades and are still far too prevalent today, according to Neal Ziring, Cybersecurity Technical Director. To take these vulnerabilities away from malicious cyber actors, it is critical to consistently use memory-safe languages and other protections when developing software. Using a memory-safe language can help prevent programmers from introducing memory-related problems. The language implements automatic protections by combining compile-time and runtime checks. These built-in language features prevent the programmer from unintentionally introducing memory management errors. C#, Go, Java, Ruby, Rust, and Swift are examples of memory-safe languages. Microsoft and Google have both stated that software memory safety issues account for roughly 70 percent of their vulnerabilities. Poor memory management can also result in technical issues such as incorrect program results, program performance degradation over time, and program crashes. This article continues to discuss NSA's guidance on software memory safety.

NSA reports "NSA Releases Guidance on How to Protect Against Software Memory Safety Issues"

Submitted by Anonymous on