The CISA and the NSA are urging us to adopt memory-safe languages (MSLs) for the sake of cybersecurity. You probably think they mean Rust but things aren't as clear cut as you might expect.

The aim is good and it is difficult to disagree with:

"Memory vulnerabilities pose serious risks to national security and critical infrastructure. MSLs offer the most comprehensive mitigation against this pervasive and dangerous class of vulnerability. Adopting MSLs can accelerate modern software development and enhance security by eliminating these vulnerabilities at their root.

Strategic MSL adoption is an investment in a secure software future. By defining memory safety roadmaps and leading the adoption of best practices, organizations can significantly improve software resilience and help ensure a safer digital landscape."

The document starts out by explaining the problem and why memory-safe languages are the solution. I don't think I need to go over this as if you are a programmer you already know most of this. It then goes on to explain that adopting an MSL is good for code quality and at this point you are probably thinking Rust.
Rust is on the rise and its adoption, albeit somewhat grudgingly, by the Linux Kernal and many Linux user space programs is helping increase its profile. However, this is not quite what the document is latching onto:

"MSLs such as Ada, C#, Delphi/Object Pascal, Go, Java, Python, Ruby, Rust, and Swift offer built-in protections against memory safety issues, making them a strategic choice for developing more secure software."

Yes that's right, you are being urged to use "ancient" languages such as Delphi, Ada and even Java and Python aren't exactly new. Of course, if you look at the list more carefully you will notice that the common factor are languages that are "high level" from the point of view of memory management and control.

Some of these languages are implemented as interpreters or at least run on a virtual machine. This makes them distinctly different from the two missing languages from the list that cause most of the problem - yes I'm looking at you C and C++. These things are not the same. The two evil languages are usually 100% fully compiled and provide the programmer with a low level view of the machine and its memory. For C and mostly for C++ as well you are the memory management. This is a fundamental difference between these two and the rest and it is the reason that the rest are actually implemented using C or C++.

The missing part of the CISA and NSA's document is a recognition that it is the foundations that are a problem, not the buildings on top. You can write your code in Java, but if the Java VM is written in C then you might still have a problem. It is simply not enough to adopt what appear to be memory-safe languages. You have to use memory-safe languages that are built on top of memory-safe languages. This is a much bigger problem than the CISA and NSA seem to be aware of and urging us to use the likes of Java isn't the solution, even if it is fast enough for the problem in hand. They need to push us to use Rust, or a similar MSL, that isn't built on a C or C++ derived runtime.

• Mike James, the editor of I Programmer is a prolific author. His recently published Deep C Dives: Adventures in C looks in depth at specific aspects of C that make it a unique language and covers the respects in which C and ve considered unsafe.

More Information

Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development

Related Articles

White House Urges Memory Safe Software

The Feds Want Us To Move On From C/C++

DARPA Wants All C Converted To Rust

Is Rust Safe?

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info