White House Calls for Adoption of Memory-Safe Programming Languages to Prevent Cyber-Attacks

It’s time for software developers to reconsider the programming languages they use in order to improve security, according to a new report.

Sean Michael Kerner, Contributor

March 6, 2024

Software developers have long had many options when it comes to programming languages. There are a number of reasons why they choose one language over another, including the usability and compatibility of the language. Now the White House Office of the National Cyber Director (ONCD) wants developers to add another critical factor — memory safety.

The ONCD has released a new report arguing that technology companies should adopt memory-safe programming languages as a way to prevent major cybersecurity vulnerabilities. The report, titled "Back to the Building Blocks: A Path Toward Secure and Measurable Software," makes the case that memory safety issues have been the root cause of some of the worst cyber-attacks over the past 35 years.

Memory safety is a programming language feature that prevents certain types of bugs related to the use and management of memory, which can lead to security vulnerabilities and program instability. A memory-safe programming language integrates features to ensure that a program cannot access memory it has not been allocated or has already freed.

"We, as a nation, have the ability — and the responsibility — to reduce the attack surface in cyberspace and prevent entire classes of security bugs from entering the digital ecosystem, but that means we need to tackle the hard problem of moving to memory-safe programming languages," National Cyber Director Harry Coker stated.

Memory Safety Key to Preventing Cyber-Attacks

According to the ONCD report, vulnerabilities like buffer overflows that lead to memory corruption have been behind major cyber events, including the Morris worm in 1988, the Slammer worm in 2003, the Heartbleed bug in 2014, and the Trident and Blastpass exploits in 2016 and 2023. By using memory-safe languages that are designed to avoid such vulnerabilities, the report argues that entire classes of bugs can be eliminated before they ever enter the digital ecosystem.

The report points to memory safety vulnerabilities as one of the most common and pervasive weaknesses affecting cybersecurity today. Memory safety issues arise when computer memory is accessed or manipulated in ways that are unintended, out-of-bounds, or unsafe.

Two major categories of memory safety vulnerabilities are identified:

  • Spatial errors that allow memory to be accessed outside intended data structure bounds

  • Temporal errors from memory being accessed at the wrong time or in the wrong sequence
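The two categories can be seen side by side in one of the memory-safe languages the report lists. The Rust sketch below is an added example, not code from the ONCD report or this article: `echo` models a Heartbleed-style request in which the peer claims a payload length, and `temporal_demo` models a handle that outlives the object it refers to. The function names, the `Session` type and the sample values are constructed for illustration.

```rust
use std::rc::{Rc, Weak};

/// Spatial safety: echo back `claimed_len` bytes of a peer-supplied payload.
/// In C, trusting `claimed_len` would read past the end of the buffer and
/// leak adjacent memory. `get` checks the range against the slice length and
/// returns None instead of touching memory outside the payload.
fn echo(payload: &[u8], claimed_len: usize) -> Option<Vec<u8>> {
    payload.get(..claimed_len).map(|bytes| bytes.to_vec())
}

/// Constructed sample type standing in for any heap-allocated object.
struct Session {
    user: String,
}

/// Temporal safety: a Weak handle does not keep the Session alive.
/// `upgrade` yields None once the owner is gone, so there is no way to
/// dereference freed memory through a stale handle.
fn user_of(handle: &Weak<Session>) -> Option<String> {
    handle.upgrade().map(|session| session.user.clone())
}

/// Look the user up through the same handle before and after the free.
fn temporal_demo() -> (Option<String>, Option<String>) {
    let owner = Rc::new(Session { user: String::from("alice") });
    let handle = Rc::downgrade(&owner);
    let before = user_of(&handle);
    drop(owner); // the Session is freed here
    let after = user_of(&handle);
    (before, after)
}

fn main() {
    let payload = b"bird"; // constructed 4-byte payload
    println!("honest length 4:  {:?}", echo(payload, 4));
    println!("claimed length 64: {:?}", echo(payload, 64));
    println!("before/after free: {:?}", temporal_demo());
}
```

Indexing with `payload[..claimed_len]` instead of `get` is also memory-safe: it panics on an out-of-range length rather than returning adjacent memory.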

The report argues that the most impactful way to reduce memory safety issues is "to secure one of the building blocks of cyberspace: the programming language." It calls both for new software to be built with memory-safe languages from day one and for legacy codebases to be migrated wherever feasible.

Languages such as C and C++ are called out as lacking memory safety traits and being widespread across critical systems. The report cites studies showing that 70% of bugs in such languages are memory safety-related, even with extensive auditing and testing. It highlights the potential to eliminate the vast majority of these vulnerabilities by using languages with built-in memory protections.

Recommendations for Software Developers

A key recommendation in the report is for software developers to consistently adopt memory-safe programming languages. Many mature and production-ready options already exist, it notes, listing Rust, Swift, Java, JavaScript, Python, and Go as examples of established languages considered memory-safe. The report said Google's migration of certain Android OS modules to Rust has resulted in a dramatic reduction in memory safety bugs.

For legacy codebases where wholesale rewrites are impractical, the report suggests taking a hybrid approach to language migration. Critical functions or libraries can be prioritized based on risk factors like network connectivity and rearchitected in a memory-safe language first.

The report argues that this is an early architecture choice that delivers major security benefits with minimal tradeoff.

"Building new products and migrating high-impact legacy code to memory-safe programming languages can significantly reduce the prevalence of memory safety vulnerabilities throughout the digital ecosystem," the report states.

Complementary Approaches: Memory-Safe Hardware and Formal Methods

While the report focuses on programming languages as a primary building block, it also explores memory-safe hardware architecture and formal methods as complementary approaches to achieve similar outcomes.

These alternatives are particularly relevant in scenarios where using memory-safe languages may not be feasible.
