White House Urges Memory Safe Software
Written by Kay Ewbank   
Thursday, 29 February 2024

The White House is urging developers to adopt memory safe programming languages, suggesting Rust would be a safer choice than C or C++. 

The report from the White House Office of the National Cyber Director (ONCD) calls on the technical community to proactively reduce the attack surface in cyberspace.

CppUdacitylogo

The report also encourages the research community to address the problem of software measurability to enable the development of better diagnostics that measure cybersecurity quality.

National Cyber Director Harry Coker said:

“We, as a nation, have the ability – and the responsibility – to reduce the attack surface in cyberspace and prevent entire classes of security bugs from entering the digital ecosystem but that means we need to tackle the hard problem of moving to memory safe programming languages,”

Anjana Rajan, Assistant National Cyber Director for Technology Security, put forward a list of high profile security problems in the past including the Morris worm, Slammer worm, Heartbleed vulnerability, Trident exploit, and Blastpass exploit, saying that underlying all of them is a common root cause: memory safety vulnerabilities. 

report from Microsoft in 2019 found that around 70 percent of all reported Microsoft security vulnerabilities are caused by developers inadvertently inserting memory corruption bugs into their C and C++ code.

While the latest White House report cited C and C++ as being languages prone to memory safety vulnerabilities, and Rust as a safe language, an earlier report from the NSA also highlighted C#, Go, Java, Ruby, and Swift as languages recommended as memory safe. 

C++ is the language of choice of around 22 percent of programmers, and it was awarded the 'language of choice' by TIOBE in 2023 as it had increased the most in popularity. Paul Jansen, who maintains the TIOBE Index, said at the time:

"The reason for C++'s popularity is its excellent performance while being a high level object-oriented language. Because of this, it is possible to develop fast and vast software systems (over millions of lines of code) in C++ without necessarily ending up in a maintenance nightmare."

C was still the main choice of around 19 percent of developers in 2023, according to Statista. 

CppUdacitylogo

More Information

White House ONCD Technical Report

Microsoft Vulnerability Report

Related Articles

C++ Is TIOBE's Language Of The Year

C++ Picked Out By TIOBE - An Odd Choice?

Bjarne Stroustrup On Why Learn C++

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


GitHub Introduces Code Scanning
26/03/2024

GitHub has announced a public beta of a code scanner that automatically fixes problems. The new feature was announced back in November, but has now moved to public beta status.  



Java Version 22 Released
04/04/2024

JDK 22 is not a Long Term Support release, but is one of the regular releases that are scheduled to arrive every six months. Still, it has got a lot to show for itself.


More News

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Thursday, 29 February 2024 )