The National Security Agency (NSA) is pushing for the adoption of memory safe coding languages in an effort to improve security.
Software memory issues constitute one of the biggest sources of vulnerabilities for bad actors to exploit. Older, more established programming languages often lack automated means of managing memory, putting additional burdens on programmers to ensure no memory errors creep in.
“How a software program manages memory is core to preventing many vulnerabilities and ensuring a program is robust,” writes the NSA in its Cybersecurity Information Sheet. “Exploiting poor or careless memory management can allow a malicious cyber actor to perform nefarious acts, such as crashing the program at will or changing the instructions of the executing program to do whatever the actor desires. Even un-exploitable issues with memory management can result in incorrect program results, degradation of the program’s performance over time, or seemingly random program crashes.”
The NSA is now pushing for the adoption of languages that offer better memory management features, so-called “memory safe languages.” Memory safe languages include C#, Go, Java®, Ruby™, Rust®, and Swift.
“Using a memory safe language can help prevent programmers from introducing certain types of memory-related issues,” the NSA adds. “Memory is managed automatically as part of the computer language; it does not rely on the programmer adding code to implement memory protections. The language institutes automatic protections using a combination of compile time and runtime checks. These inherent language features protect the programmer from introducing memory management mistakes unintentionally. Examples of memory safe languages include C#, Go, Java, Ruby, Rust, and Swift.”
Rust, in particular, has gained publicity and adoption for being a memory safe language. Rust has been making its way into the Linux kernel and was chosen by System76, makers of the popular Pop!_OS Linux distro, to create their new COSMIC desktop environment.
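The runtime half of the "compile time and runtime checks" the NSA describes can be seen in a short Rust sketch. This is an added example, not code from the NSA sheet or from any project named above; the record layout (a 2-byte length followed by a payload) and all names are assumptions made for illustration.

```rust
// Added example: the record layout and every name here are illustrative assumptions.

/// Errors returned instead of reading outside the buffer.
#[derive(Debug, PartialEq)]
enum ParseError {
    MissingHeader,
    LengthExceedsBuffer { claimed: usize, available: usize },
}

/// Parse one record: a 2-byte big-endian length, then that many payload bytes.
/// The length field is untrusted input. The returned slice borrows from `buf`,
/// so the compiler rejects any use of it after `buf` has been freed.
fn read_record(buf: &[u8]) -> Result<&[u8], ParseError> {
    // `get` is checked slicing: it yields None rather than an out-of-bounds read.
    let header = buf.get(..2).ok_or(ParseError::MissingHeader)?;
    let claimed = u16::from_be_bytes([header[0], header[1]]) as usize;
    let body = &buf[2..];
    body.get(..claimed).ok_or(ParseError::LengthExceedsBuffer {
        claimed,
        available: body.len(),
    })
}

/// Plain indexing is bounds-checked at run time as well: an over-long range
/// panics (a controlled stop) instead of returning adjacent memory.
fn index_panics_on_overread(buf: &[u8], claimed: usize) -> bool {
    let owned = buf.to_vec();
    std::panic::catch_unwind(move || owned[2..2 + claimed].len()).is_err()
}

fn main() {
    // Constructed inputs: an honest record and one whose length field lies.
    let honest = [0x00, 0x03, b'a', b'b', b'c'];
    let lying = [0xFF, 0xFF, b'a', b'b', b'c'];
    println!("{:?}", read_record(&honest));
    println!("{:?}", read_record(&lying));
    println!("indexing panics: {}", index_panics_on_overread(&lying, 0xFFFF));
}
```

In a language without these checks, trusting the same length field would read past the end of the buffer; here the worst outcome is an error value or a panic.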