2 min read IT

White House Advocates for the Shift from C and C++ to "Safe" Programming Languages in a New Cybersecurity Strategy

White House Advocates for the Shift from C and C++ to "Safe" Programming Languages in a New Cybersecurity Strategy
Photo by Pawel Czerwinski / Unsplash

In a groundbreaking move that underscores the importance of cybersecurity in the digital age, the White House, through the Office of the National Cyber Director (ONCD), has issued a clarion call to developers and the tech community at large to transition from traditional programming languages like C and C++ to what it terms “memory-safe” programming languages. This directive is a pivotal element of President Joe Biden’s cybersecurity strategy, aimed at fortifying the foundational blocks of cyberspace against the myriad of threats that loom in the digital shadows.

The advice from ONCD comes against a backdrop of increasing cyber threats that exploit vulnerabilities inherent in the way memory management is handled in software coding. It’s a well-documented fact that improper memory management can open the floodgates to severe security breaches, allowing malicious actors to launch sophisticated cyberattacks. Languages such as Java are lauded for their error-detection mechanisms during execution, providing a safer haven against memory management mishaps. In contrast, C and C++ afford developers the latitude to perform pointer operations and direct memory address manipulations—capabilities that, while powerful, also introduce significant risk. This risk is exemplified by the revelation from Microsoft security engineers in 2019 that approximately 70% of vulnerabilities were attributed to memory safety issues, a statistic echoed by Google in 2020 concerning bugs discovered in the Chromium browser.

The ONCD report identifies several programming languages, including C and C++, as lacking essential memory safety features yet being prevalently used in critical systems. It echoes the recommendations of the Cybersecurity and Infrastructure Security Agency’s (CISA) Open Source Software Security Roadmap, advocating for the adoption of memory-safe programming languages from the onset of software development. This approach is championed as a best practice for developing secure software from start to finish.

Spanning 19 pages, the report’s ambition extends beyond merely shifting the responsibility of cybersecurity onto individuals and small businesses. Instead, it posits that the mantle of cybersecurity must be collectively borne by large organizations, technology firms, and the government at large. It delves into the problems posed by C and C++ while also presenting a suite of alternatives deemed “safe for memory” by the National Security Agency (NSA). Among the recommended languages are Rust, Go, C#, Java, Swift, JavaScript, and Ruby. These languages are equipped with mechanisms designed to thwart common types of memory attacks, thereby enhancing the security of the systems developed with them.

The call to action from ONCD is for companies and engineers to employ best practices in software development and to utilize memory-safe programming languages to minimize the attack surface available to adversaries. Although the report stops short of detailing what constitutes a memory-safe programming language, the NSA had previously outlined its stance on memory-safe languages in a cybersecurity bulletin published in November 2022.

Furthermore, the report advocates for improved measurement of software security, positing that better metrics would enable technology providers to more effectively plan, anticipate, and mitigate vulnerabilities before they escalate into significant threats.

This report is the latest in a series of steps taken by the U.S. government to bolster cybersecurity. In March 2023, President Biden signed an executive order on cybersecurity, initiating processes to protect software and hardware infrastructure and to foster collaboration within the tech industry. This strategic pivot towards advocating for memory-safe programming languages marks a critical juncture in the ongoing battle to secure cyberspace, reflecting a comprehensive approach to cybersecurity that encompasses not just the technological aspects but also the human and organizational facets of safeguarding digital assets.

You might also like...

Oct
03
Competitor to OpenAI o1: Google Developing a New AI Model That Thinks Like a Human

Competitor to OpenAI o1: Google Developing a New AI Model That Thinks Like a Human

Google is actively working on a new artificial intelligence model that has the potential to mimic human thinking. This information
2 min read
Oct
01
A Historic First: Charlotte Hanneman Becomes the First Female Top Executive in Philips' 133-Year History

A Historic First: Charlotte Hanneman Becomes the First Female Top Executive in Philips' 133-Year History

In a groundbreaking development for one of the world’s leading health technology companies, Philips, a woman has been appointed
2 min read
Sep
26
MSI Unveils New Devices Inspired by S.T.A.L.K.E.R. 2: Heart of Chornobyl - A Deep Dive into the Collaboration with GSC Game World

MSI Unveils New Devices Inspired by S.T.A.L.K.E.R. 2: Heart of Chornobyl - A Deep Dive into the Collaboration with GSC Game World

MSI, a renowned name in the gaming accessories industry, has recently unveiled an exciting teaser for a new line of
4 min read
Sep
24
Scientists Create Innovative Technology That Boosts Computer Efficiency by 100 Times: A Revolution in Data Processing

Scientists Create Innovative Technology That Boosts Computer Efficiency by 100 Times: A Revolution in Data Processing

In today's fast-paced world, where data processing speed is critical for various industries, Finnish company Flow Computing has unveiled a
3 min read
Sep
17
Amazon Employees Required to Return to Offices Starting January 2025: Key Exceptions and Impact on Workforce Productivity

Amazon Employees Required to Return to Offices Starting January 2025: Key Exceptions and Impact on Workforce Productivity

Amazon has announced a significant change in its work policy, requiring employees to return to the office for five days
5 min read
GrowthNowGeek © 2024