The US government recommends abandoning C or C++ programming tools. In a new report, the White House Office of the National Cyber Director (ONCD) urged developers to use memory-safe programming languages. The council is a step toward “securing the building blocks of cyberspace.”
Memory security is protection against bugs and vulnerabilities related to memory access. Buffer overflows and hangs are examples of this. Java is considered a memory-safe language due to its run-time error checking. However, C and C++ allow arbitrary arithmetic with pointers to direct memory addresses without bounds checking.
In 2019, Microsoft security engineers reported that about 70% of vulnerabilities were caused by memory security issues. In 2020, Google reported the same figure, but for bugs found in the Chromium browser, Tom’s Hardware reports.
Recommended programming languages that the NSA considers safe for memory
- Rust
- Go
- c#
- Java
- Swift
- JavaScript
- Ruby
The report also calls for better measurement of software security. ONCD believes that the best metrics allow technology providers to better plan, anticipate and mitigate vulnerabilities before they become a problem.
The competition of ITS authors is ongoing. Write an article about game development, gaming and gaming devices and win a professional Logitech G923 Racing Wheel or one of the low-profile Logitech G815 LIGHTSYNC RGB Mechanical Gaming Keyboard!