White House recommends developers move from C++ and C to memory-safe programming languages such as Rust and Java



The Office of the National Cyber Director (ONCD) at the White House in the United States recommends that developers migrate from programming languages such as C++ and C to memory-safe programming languages such as Rust and C#.

BACK TO THE BUILDING BLOCKS: A PATH TOWARD SECURE AND MEASURABLE SOFTWARE
(PDF file) https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf

White House urges developers to dump C and C++ | InfoWorld
https://www.infoworld.com/article/3713203/white-house-urges-developers-to-dump-c-and-c.html



Research by Microsoft and Google clearly shows that approximately 70% of all security vulnerabilities are caused by software bugs and vulnerabilities related to memory access, such as buffer overflows, out-of-bounds reads, and memory leaks. These problems can be avoided by using programming languages that ensure memory safety, but programming languages that are not memory safe remain popular, and research firm Statista reports that as of 2023, approximately 22% of developers will It has been revealed that approximately 19% of developers use C++.



The White House issued a statement on February 26, 2024 recommending the use of memory-safe programming languages in order to strengthen security. The US National Security Agency (NSA) lists Rust, C#, Go, Java, Ruby, and Swift as memory-safe programming languages (PDF file).

ONCD Director Harry Coker said: 'As a nation, we have the ability and responsibility to reduce the attack surface in cyberspace and prevent security bugs of all kinds from entering our digital ecosystem. We will be tackling the difficult problem of forcing developers to migrate to programming languages with better memory safety.'

ONCD's future goal is to 'shift responsibility for cybersecurity from developers themselves and small businesses to large corporations, technology companies, and the U.S. government,' which are 'highly capable of coping with and responding to ever-evolving threats.'

'The dangers associated with C++ and the C language have been well known for decades,' said Dan Grossman, a computer science professor at the University of Washington. 'With so many available, it is very helpful and timely for the White House to encourage developers to migrate to memory-safe programming languages.'



However, Grossman said, 'Change is urgently needed as the threats from attackers exploiting memory safety vulnerabilities are becoming increasingly sophisticated. It's not something that can be done overnight.'

'Moving away from C++ and the C language is going to be a long and difficult process,' said Josh Aas, executive director and co-founder of the Internet Security Research Group. 'The public and private sectors must work together to prioritize the promotion of programming languages with excellent memory safety.'

In addition, in September 2023, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued a statement recommending the use of programming languages with excellent memory safety. The Federal Bureau of Investigation (FBI), NSA, and allied agencies have jointly released a report called 'The Case for Memory Safe Roadmaps' (PDF file) that promotes the adoption of programming languages with excellent memory safety.


in Software, Posted by log1r_ut