According to news from this site on February 29, the U.S. government recently released a cybersecurity report calling on developers to stop using programming languages that are prone to memory safety vulnerabilities, such as C and C++, and instead use memory-safe programming languages for development. The report was released by the Office of the National Cyber Director (ONCD) to implement US President Joe Biden's cybersecurity strategy, with the goal of "protecting the bedrock of cyberspace."
Memory safety means that a program can effectively avoid potential errors and vulnerabilities when accessing memory, such as buffer overflows and dangling pointers. Java is considered a memory-safe programming language because of its runtime error detection capabilities. In contrast, C and C++ allow direct access to memory addresses and lack bounds checking, which makes them more prone to memory safety issues. Therefore, when developing applications, choosing the right programming language and adopting corresponding memory management strategies are crucial to ensuring memory safety.
According to research data from Microsoft and Google cited in the report, more than 70% of security vulnerabilities are closely related to memory safety issues. In addition, the report also mentioned the open source software security roadmap released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which encourages developers to adopt memory-safe programming languages and implement "security by design" development methods at the early stage of the project. This approach aims to reduce the risk of security vulnerabilities needing to be fixed later by focusing on security in the early stages of software design and development. Therefore, it is crucial to emphasize memory safety during software development, which can effectively reduce potential security vulnerabilities and risks.
The 19-page report aims to emphasize that cybersecurity is not just the responsibility of individuals, but also the shared responsibility of large organizations, technology companies and governments. The report does not recommend a specific programming language to replace C and C++, but emphasizes that there are multiple memory-safe programming languages to choose from. The report also calls on businesses and engineers to adopt best software development practices and use memory-safe hardware to reduce the possibility of malicious attacks.
The U.S. National Security Agency (NSA) mentioned some programming languages that are considered safe in a recently released cybersecurity information document. It is worth noting...
Rust
Go
C#
Java
Swift
JavaScript