What Are Memory-Safe Programming Languages?
There are many mitigation measures that agencies and other organizations can take to minimize harm from these kinds of vulnerabilities, CISA notes in the guidance. That includes efforts to reduce the prevalence of vulnerabilities, such as developer training, secure coding guidelines and the use of safer language subsets.
“Memory-safe programming languages are those that provide guarantees on memory access and generally don’t provide a developer with the ability to write code that can result in invalid memory access,” Rohlf says.
Such languages, Stockley notes, “handle memory management automatically instead of letting computer programmers do it, eliminating the root cause of some extremely common security vulnerabilities.” Examples include C#, Go, Java, Python, Rust and Swift.
For instance, with Rust, “memory is guaranteed to never overflow boundaries, which is the core cause of many memory safety issues,” says David Weston, vice president of enterprise and OS security at Microsoft. “Imagine this like a car safety system, where the car can never drift into an adjacent lane by accident.”
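The boundary guarantee described above for Rust, shown as an added example that is not from the article or from CISA's guidance: a parser is handed a record whose length field claims more bytes than the buffer holds. The record layout, sample bytes and function names are assumptions constructed for this illustration.

```rust
// Added illustration, not code from the article or from CISA.
// Assumed record layout for this example: [1-byte length][payload bytes].
// In a memory-unsafe language, copying `length` bytes without a manual check
// would read past the end of the buffer; here the language enforces the check.

/// Returns the payload only if the declared length fits inside the buffer.
fn read_record(buf: &[u8]) -> Option<&[u8]> {
    let (&len, rest) = buf.split_first()?; // empty input -> None
    rest.get(..len as usize) // checked slice: None when len > rest.len()
}

/// The same parser written with plain indexing and no explicit check.
/// An oversized length still cannot reach adjacent memory: Rust panics.
fn read_record_indexing(buf: &[u8]) -> &[u8] {
    let len = buf[0] as usize;
    &buf[1..1 + len]
}

/// Runs the indexing parser and reports whether the bounds check stopped it.
fn indexing_was_stopped(buf: &[u8]) -> bool {
    std::panic::catch_unwind(|| read_record_indexing(buf).len()).is_err()
}

fn main() {
    // Constructed sample inputs.
    let honest = [3u8, b'a', b'b', b'c']; // declares 3 bytes, carries 3
    let lying = [200u8, b'a', b'b', b'c']; // declares 200 bytes, carries 3

    println!("honest record: {:?}", read_record(&honest));
    println!("lying record:  {:?}", read_record(&lying));
    println!(
        "unchecked-style parser stopped on lying record: {}",
        indexing_was_stopped(&lying)
    );
}
```

The first parser turns the bad length into an ordinary error value, while the second shows that even code written without any explicit check fails closed instead of leaking neighboring memory.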
The CISA guidance notes that memory-unsafe programming languages are prevalent and run operating systems, resource-constrained systems and applications that require high performance.
Lord says CISA acknowledges that shifting to memory-safe languages, or MSLs, will involve “significant investments and executive attention” and years of careful planning. The guidance recommends that software vendors create and publish memory-safe roadmaps that detail how they will eliminate memory safety vulnerabilities in their products.
Using MSLs will create more reliable code than memory-unsafe languages, lead to fewer interruptions for developers, and increase security for agencies and other software customers, CISA says.
Lord says CISA knows that software manufacturers will not rewrite all their code overnight, but following these recommendations can help get them started. “We suspect that they’re going to find places that are high-value targets for an attacker and focus their initial energies in those areas,” he says.
Why Agencies Should Adopt Memory-Safe Programming
The CISA guidance recommends that software makers consider “how to prioritize migration to MSLs through the development of roadmaps and specific guidance for development and technical teams.” It says that software vendors should pick use-case-appropriate MSLs, noting that “each one has its own set of tradeoffs in terms of architecture, tooling, performance, popularity, cost, and other factors.” Vendors should also consider how they will train and hire developers to work with selected MSLs.
Rohlf notes that CISA’s guidance proposes a multiphase approach that should include processes and techniques for reducing the prevalence of memory safety vulnerabilities in existing code, adopting mitigation technologies found in compilers and modern CPUs, and then developing a plan to adopt and transition to memory-safe languages.
Lord says that both sellers and buyers of software, such as agencies, need to hear this advice.
“We want to encourage folks to have that conversation with their software suppliers and talk about where they are in their journey,” he says.
MSLs provide “deterministic safety against current and future security issues, removing the need to play whack-a-mole with vulnerabilities,” Weston says.
The number of security vulnerabilities reported each year due to memory safety issues is “quite high,” Rohlf says, and “remediating and patching those vulnerabilities is expensive for these organizations.”
“If we can reduce the volume of memory safety security vulnerabilities, we will not just improve security but also lower costs for these organizations and allow their security staff to focus on other areas,” he adds.
Stockley agrees, saying that moving to MSLs will make securing software easier for software makers and their customers.
“The vast number of memory management vulnerabilities discovered each year gives criminals a huge attack surface to target. It forces software vendors to issue a constant output of software updates, and it ties up IT and security staff in a complex and time-consuming merry-go-round of patching,” he says. “Many organizations end up being attacked simply because they cannot keep up with the patching that could have prevented the attack.”