Dear All,

Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development.

Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance security by design.

CISA’s Secure by Design program advocates for integrating proactive security measures throughout the software development lifecycle, with MSLs as a central component. Consistent support for MSLs underscores their benefits for national security and resilience by reducing exploitable flaws before products reach users.

This joint guide outlines key challenges to adopting MSLs, offers practical approaches for overcoming them, and highlights important considerations for organizations seeking to transition toward more secure software development practices. Organizations in academia, U.S. government, and private industry are encouraged to review this guidance and support adoption of MSLs.

In addition to the product published today, CISA and the NSA previously released the joint guide, The Case for Memory Safe Roadmaps. To learn more about memory safety, visit Secure by Design on CISA.gov.

New Guidance Released for Reducing Memory-Related Vulnerabilities

Questions for discussion:

Despite advancements, why do memory-related vulnerabilities remain such a pervasive and critical threat, particularly in the context of emerging technologies?

From a governance and assurance perspective, how can organizations effectively mandate and verify the reduction of memory-related vulnerabilities across their emerging technology initiatives?

It's always great to learn from each other, share experiences, and stay updated. Let's learn and explore together!