WHY THIS MATTERS IN BRIEF
By using memory-safe programming languages, companies could see a huge drop in the number of successful cyberattacks.
A new White House report emphasizes the importance of adopting memory-safe programming languages and establishing software safety standards to prevent cyberattacks. Titled “Back to the Building Blocks: A Path Toward Secure and Measurable Software,” the report focuses on reducing the attack surface by encouraging the use of memory-safe languages such as Python, Java, and C#, and promoting the development of standardized measurements for software security.
The report calls on tech professionals to implement memory-safe programming languages and develop new metrics for measuring hardware security. It aims to communicate the US government’s priorities for securing hardware and software at the design phase, offering advice and loose guidelines for IT professionals and business leaders.
“Even if every known vulnerability were to be fixed, the prevalence of undiscovered vulnerabilities across the software ecosystem would still present additional risk,” the report states. “A proactive approach that focuses on eliminating entire classes of vulnerabilities reduces the potential attack surface and results in more reliable code, less downtime, and more predictable systems.”
Memory safety vulnerabilities have been a persistent issue in programming languages for over 35 years, with no single solution emerging. The report highlights that while no “silver bullet” exists for every cybersecurity problem, using memory-safe programming languages can significantly reduce the types of cyberattacks possible. The Office of the National Cyber Director (ONCD) points out that popular languages like C and C++ are not memory safe, whereas Rust, a memory-safe language, has not yet been proven in critical aerospace systems.
The ONCD stresses the role of software and hardware creators in developing memory-safe hardware and software, suggesting that stakeholders focus on building new products in memory-safe languages or on rewriting critical functions or libraries.
Developing empirical metrics to measure the cybersecurity quality of software is crucial, according to the report. This task is challenging due to the diverse and unpredictable nature of software, and the fast-paced evolution of software development. Metrics for software safety must be dynamic and open to continuous monitoring and change.
Gartner VP Analyst Paul Furtado highlighted the importance of minimizing security incidents, noting that companies might have a long journey ahead in reducing their attack surface as per the report’s suggestions. He pointed out the reliance on underlying code libraries and the existing tech debt that needs addressing to mitigate underlying risks.
Large tech organizations have shown support for the report’s recommendations. Juergen Mueller, Chief Technology Officer at SAP, stated that adopting memory-safe languages could enhance software security and protect critical infrastructure from cybersecurity threats. Jeff Moss, president of DEFCON and Black Hat, endorsed the recommendation, emphasizing that it could eliminate whole categories of vulnerabilities that have been inadequately addressed for decades.
The report highlights that cybersecurity responsibility extends beyond the chief information security officer to include chief information officers and chief technology officers. These leaders should focus on three major areas: software development, the analysis of software products, and ensuring a resilient execution environment.
The report serves as a call to action for both the technical and business communities, urging them to adopt memory-safe programming languages and develop robust metrics for software security to enhance overall cybersecurity resilience. By prioritizing these measures, organizations can better safeguard against cyberattacks and improve the reliability of their software systems. This proactive approach to cybersecurity can result in more predictable and secure computing environments, reducing downtime and the potential for vulnerabilities.
The post White House recommends everyone moves to Memory Safe Programming by design appeared first on Matthew Griffin | Keynote Speaker & Master Futurist.