The White House Office of the National Cybersecurity Director (ONCD) has released a report urging software developers to reduce vulnerabilities in their projects by moving away from memory-unsafe programming languages such as C and C++. The report emphasizes the importance of improving software reliability and recommends switching to more modern solutions such as Rust, Python, and Java for better memory safety.
According to representatives of the ONCD, vulnerabilities in software are often caused by memory management errors, such as improper access, allocation, and deallocation. These errors can be exploited by hackers to gain unauthorized access to user data or execute malicious code on devices. Studies conducted by Microsoft and Google have shown that approximately 70% of security vulnerabilities are linked to memory safety issues.
The report highlights that memory safety vulnerabilities have been a critical issue in the digital ecosystem for over 35 years and calls for immediate action to address and eliminate these risks. The ONCD stresses the importance of adopting new approaches to mitigate such vulnerabilities and enhance cybersecurity measures.
In a press release, the White House states that technology companies can prevent entire classes of vulnerabilities in the digital ecosystem by opting for secure programming languages. It acknowledges that transitioning to new languages will take time but emphasizes the long-term benefits of increased security.
The report emphasizes that ensuring the reliability of programming languages is a key aspect of cybersecurity, with languages like Rust being particularly suitable for memory safety. The US National Security Agency (NSA) has also recommended that organizations consider safer programming languages such as C#, Go, Java, Ruby, Rust, and Swift to avoid vulnerabilities related to memory management.
Given the rise in attacks exploiting memory safety vulnerabilities, especially in software written in languages like C and C++, the ONCD and NSA highlight the importance of prioritizing security in software development to safeguard confidential information and prevent supply chain disruptions.