Software developers have long had many options when it comes to programming languages. There are a number of reasons why they choose one language over another, including the usability and compatibility of the language. Now the White House Office of the National Cyber Director (ONCD) wants developers to add another critical factor — memory safety.
The ONCD has released a new report arguing that technology companies should adopt memory-safe programming languages as a way to prevent major cybersecurity vulnerabilities. The report, titled "Back to the Building Blocks: A Path Toward Secure and Measurable Software," makes the case that memory safety issues have been the root cause of some of the worst cyber-attacks over the past 35 years.
Memory safety is a programming language feature that prevents certain types of bugs related to the use and management of memory, which can lead to security vulnerabilities and program instability. A memory-safe programming language integrates features to ensure that a program cannot access memory it has not been allocated or has already freed.
"We, as a nation, have the ability — and the responsibility — to reduce the attack surface in cyberspace and prevent entire classes of security bugs from entering the digital ecosystem, but that means we need to tackle the hard problem of moving to memory-safe programming languages," National Cyber Director Harry Coker stated.
Memory Safety Key to Preventing Cyber-Attacks
According to the ONCD report, vulnerabilities like buffer overflows that lead to memory corruption have been behind major cyber events, including the Morris worm in 1988, the Slammer worm in 2003, the Heartbleed bug in 2014, and the Trident and Blastpass exploits in 2016 and 2023. By using memory-safe languages that are designed to avoid such vulnerabilities, the report argues that entire classes of bugs can be eliminated before they ever enter the digital ecosystem.
The report points to memory safety vulnerabilities as one of the most common and pervasive weaknesses affecting cybersecurity today. Memory safety issues arise when computer memory is accessed or manipulated in ways that are unintended, out-of-bounds, or unsafe.
Two major categories of memory safety vulnerabilities are identified:
- Spatial errors that allow memory to be accessed outside intended data structure bounds
- Temporal errors from memory being accessed at the wrong time or in the wrong sequence
The report argues that the most impactful way to reduce memory safety issues is "to secure one of the building blocks of cyberspace: the programming language." It calls for both new software to be built with memory safe languages from day one, and for legacy codebases to be migrated wherever feasible.
Languages such as C and C++ are called out as lacking memory safety traits and being widespread across critical systems. The report cites studies showing that 70% of bugs in such languages are memory safety-related, even with extensive auditing and testing. It highlights the potential to eliminate the vast majority of these vulnerabilities by using languages with built-in memory protections.
Recommendations for Software Developers
A key recommendation in the report is for software developers to consistently adopt memory-safe programming languages. Many mature and production-ready options already exist, it notes, listing as examples Rust, Swift, Java, JavaScript, Python, and Go as established languages considered memory-safe. The report said Google's migration of certain Android OS modules to Rust has resulted in a dramatic reduction in memory safety bugs.
For legacy codebases where wholesale rewrites are impractical, the report suggests taking a hybrid approach to language migration. Critical functions or libraries can be prioritized based on risk factors like network connectivity and rearchitected in a memory-safe language first.
The report argues that this is an early architecture choice that delivers major security benefits with minimal tradeoff.
"Building new products and migrating high-impact legacy code to memory-safe programming languages can significantly reduce the prevalence of memory safety vulnerabilities throughout the digital ecosystem," the report states.
Complementary Approaches: Memory-Safe Hardware and Formal Methods
While the report primarily focuses on programming languages as a primary building block, it also explores memory-safe hardware architecture and formal methods as complementary approaches to achieve similar outcomes.
These alternatives are particularly relevant in scenarios where using memory-safe languages may not be feasible.
About the author
Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He consults to industry and media organizations on technology issues.
