US Gov steps up software security efforts

TLDR:

  • The US government, through the White House Office of the National Cyber Director, is calling for a shift to memory-safe programming languages and the development of security metrics in software development.
  • This initiative aims to improve the cybersecurity of the nation’s infrastructure by reducing vulnerabilities and creating a more secure and measurable software ecosystem.

The Biden administration is expanding its role in software security, emphasizing the importance of public-private partnerships in hardening US information-technology infrastructure. The White House Office of the National Cyber Director (ONCD) released a report calling for a shift to memory-safe programming languages like Python, Java, and Rust, which can eliminate up to 70% of vulnerabilities. This move aims to create a new balance of responsibilities for defending cyberspace and to incentivize companies to invest in cybersecurity. National Cyber Director Harry Coker highlighted the need for a stronger foundation in securing critical infrastructure and systems by relying on those best positioned to defend cyberspace, including the federal government.

The Biden administration has been actively engaging with software makers and the open-source development community to improve software security. The report, “Back to the Building Blocks: A Path Toward Secure and Measurable Software,” emphasizes the government’s long-term role in overseeing software security. By advocating for memory-safe programming languages and the development of security metrics, the government aims to nudge private-sector organizations towards more secure practices. The shift to memory-safe languages could lead to increased security for organizations, as a proactive approach to cybersecurity is necessary to build a defensible and resilient ecosystem. However, creating standardized security metrics for software remains a challenge due to the evolving threat landscape.

While the open-source ecosystem has already started moving towards memory-safe languages, policymakers need to carefully consider policies before implementing any stringent requirements that could hinder open-source development. The Biden administration’s initiative signals a significant step towards a more secure software environment, with a focus on reducing vulnerabilities and enhancing the overall cybersecurity posture of the nation’s infrastructure.
