U.S. cyber office calls for use of safer programming languages
NewsFebruary 29, 2024
WASHINGTON. The White House Office of the National Cyber Director (ONCD) urged developers to reduce the risk of cyberattacks by using programming languages that are not vulnerable to memory safety vulnerabilities and stop using less-secure languages, calling out C and C++ as examples of vulnerable ones.
In its report and accompanying news release, ONCD asserted that technology companies would be able to "prevent entire classes of vulnerabilities from entering the digital ecosystem” by adopting memory-safe programming languages. In the news release, National Cyber Director Harry Coker said "We, as a nation, have the ability -- and the responsibility -- to reduce the attack surface in cyberspace and prevent entire classes of security bugs from entering the digital ecosystem but that means we need to tackle the hard problem of moving to memory-safe programming languages.”
Memory-safe programming languages are protected from software bugs and vulnerabilities related to memory access, including buffer overflows, out-of-bounds reads, and memory leaks.
The ONCD report cited the popular languages C and C++ as two examples of programming languages with memory safety vulnerabilities, while naming Rust as an example of a programming language it considers safe. The report cautioned, however, that Rust has not yet been proven in space systems, and in order to increase memory safety in space or other embedded uses that face similar constraints, a complementary approach to implement memory safety through hardware can be explored.
