
Developers are urged by White House to switch to memory-safe programming.


The Office of the National Cyber Director (ONCD) of the White House urged tech companies to switch to Rust, a memory-safe programming language, to increase software security by reducing memory safety vulnerabilities.

These flaws in software can cause memory management issues when memory is accessed, written, allocated, or deallocated.

They occur when software uses unintended or unsafe methods of accessing memory, leading to buffer overflow, use after free, use of uninitialized memory, and double free, which are vulnerabilities that attackers can exploit.

Successful exploitation carries serious risks: threat actors can gain unauthorised access to data or execute malicious code with the system owner's permissions.

This same class of vulnerability has plagued the digital ecosystem for more than 35 years. Eradicating all the different types of software flaws is a pressing and challenging problem. According to the ONCD's report, new strategies must be employed to reduce this risk.

The programming language is one of the building blocks of cyberspace, according to experts, and the best way to reduce memory safety vulnerabilities is to secure it. Most memory safety errors can be fixed by using memory-safe programming languages.
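As an added illustration (not code from the ONCD report or from the original article), the Rust sketch below shows how safe Rust handles three of the bug classes named above: buffer overflow, use after free and double free. The names `copy_into`, `read_after_free` and `Session` are hypothetical and exist only for this example.

```rust
use std::rc::{Rc, Weak};

/// Buffer overflow: copying into a fixed 8-byte buffer. Oversized input is
/// rejected by the bounds-checked `get_mut` instead of writing past the end.
fn copy_into(buf: &mut [u8; 8], input: &[u8]) -> Result<usize, String> {
    let dst = buf
        .get_mut(..input.len())
        .ok_or_else(|| format!("{} bytes do not fit in an 8-byte buffer", input.len()))?;
    dst.copy_from_slice(input);
    Ok(input.len())
}

/// Use after free: a stale handle (`Weak`) to a freed allocation upgrades to
/// `None`; it can never be dereferenced as a dangling pointer.
fn read_after_free() -> Option<u32> {
    let owner = Rc::new(42u32);
    let stale: Weak<u32> = Rc::downgrade(&owner);
    drop(owner); // last strong reference gone: the value is freed here
    stale.upgrade().map(|v| *v)
}

/// Double free: the key is owned by exactly one place. `take()` moves it out
/// once, so a second release finds nothing left to free.
struct Session {
    key: Option<Vec<u8>>,
}

impl Session {
    fn release(&mut self) -> bool {
        match self.key.take() {
            Some(k) => {
                drop(k); // freed exactly once
                true
            }
            None => false,
        }
    }
}

fn main() {
    // Uninitialized memory: the compiler rejects reading a variable before it
    // is assigned, so the buffer must be given a value up front.
    let mut buf = [0u8; 8];
    println!("short copy:    {:?}", copy_into(&mut buf, b"abc"));
    println!("oversize copy: {:?}", copy_into(&mut buf, b"0123456789"));
    println!("stale read:    {:?}", read_after_free());
    let mut s = Session { key: Some(vec![1, 2, 3]) };
    println!("release twice: {} then {}", s.release(), s.release());
}
```
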


Today's report expands upon the National Cybersecurity Strategy, signed by President Biden in March 2023, which placed more of the burden on software and service providers.

In November 2022, the National Security Agency (NSA) released guidance on how software developers can avoid issues with memory safety.

In December 2023, a similar report from CISA and international partners was released, calling for the transition to memory-safe programming languages to reduce software products' vulnerability risk by removing memory-related vulnerabilities.

As Microsoft discovered years ago, memory safety concerns are at the heart of up to 70% of security flaws found in software created using memory-unsafe languages. The company further discovered that this is still the case even after thorough code reviews and additional preventative and detection measures.

However, research from Google shows that using a memory-safe language can significantly reduce memory safety bugs even in complex code bases and, in some cases, completely eliminate them.

Memory safety flaws have plagued the digital ecosystem for 35 years, but it shouldn't be this way, according to Anjana Rajan, Assistant National Cyber Director for Technology Security.

Because we are aware that engineers can make architectural and design decisions regarding the building blocks they use, this report will have a significant impact on how we can reduce the threat surface, safeguard the digital ecosystem, and ultimately the nation.
