The White House urgently wants memory-safe programming languages to be used by developers

Memory-safe programming languages eliminate memory-related security vulnerabilities

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Tech companies need to switch to memory-safe programming languages to boost software security, the White House Office of the National Cyber Director (ONCD) has said.

Programming languages such as Rust help to protect against memory related vulnerabilities, whichMicrosofthas previously said accounts for up to 70% of all security vulnerabilities in software developed using unsafe languages.

This latest call from the White House comes as the US looks to service providers and software vendors to protect the nation’s cyberspace as part of the March 2023 National Cybersecurity Strategy.

Finally fixing a 35 year issue

Finally fixing a 35 year issue

Memory-unsafe programming languages can leave software plagued with issues relating to memory access, which can be abused using double free, buffer overflow, and use after free vulnerabilities.

Thereport[PDF] issued by the ONCD stated that, “For over 35 years, this same class of vulnerability has vexed the digital ecosystem. The challenge of eliminating entire classes of software vulnerabilities is an urgent and complex problem. Looking forward, new approaches must be taken to mitigate this risk.

“The highest leverage method to reduce memory safety vulnerabilities is to secure one of the building blocks of cyberspace: the programming language. Using memory safe programming languages can eliminate most memory safety errors.”

Several calls have been made by a number of private and governmental bodies, with the NSA issuingguidancefor developers on using memory-safe languages in November 2022, followed by a similar Cybersecurity & Infrastructure Security Agency (CISA)reporta year later in December 2023.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The Biden administration has significantly stepped up collaborations between public and private institutions to collaborate on cybersecurity, as state-sponsored threat actors from China, Russia and Iran have increasingly targeted vital US infrastructure in highly disruptive attacks.

ViaBleepingComputer

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

A new form of macOS malware is being used by devious North Korean hackers

How to turn off Meta AI