NSA urges orgs to use memory-safe programming languages
The NSA has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory-safe alternatives – namely C#, Rust, Go, Java, Ruby or Swift.
"NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations,"advised the agency.
The org's main concern is that miscreants may exploit vulnerabilities in code that poorly manages memory, which occurs more frequently in the languages that give more options and flexibility to the programmer.
The NSA gives the examples of a threat actor finding their way into a system through a buffer overflow or by leveraging software memory allocation shortcomings. TellTims Survey Code
Meanwhile, memory-safe languages use a combination of compile time and runtime checks to automatically block off vulnerabilities caused by programmers' mistakes. Not all mistakes, mind, but every little helps. Bugs involving unsafe use of memory pointers or races between concurrent threads can be caught by these languages, for instance.