TLDR:
- The NSA has updated its list of memory-safe programming languages, urging developers to move away from using C or C++.
- Memory safety means protection against flaws in how software accesses memory; the NSA recommends languages such as Java, Go, Rust, and others.
The US government, through the White House Office of the National Cyber Director, has recommended the use of “memory-safe programming languages” in a recent report as part of President Biden’s cybersecurity plan. The report highlights the importance of moving away from languages like C and C++, which are prone to memory safety issues such as dangling pointers and buffer overflows. It suggests using languages like Go, Rust, C#, Swift, Java, and others that prioritize memory safety.
Microsoft and Google have identified memory safety problems as the root cause of a significant percentage of security vulnerabilities. The report aims to shift the responsibility for cybersecurity from small organizations to larger institutions and the government. It also emphasizes the need for better software security metrics and the use of memory-safe languages for secure software development.
While the report does not specifically recommend a replacement for C and C++, it emphasizes the importance of using one of the many memory-safe programming languages available. The goal is to develop software in a secure-by-design manner and to address risks proactively.