The Inner Circle

NSA Software Memory Safety

    Posted Nov 12, 2022 11:06:00 AM
    Hi All,

    The NSA just published Software Memory Safety.

    Memory issues in software comprise a large portion of the exploitable vulnerabilities in existence. NSA advises organizations to shift from programming languages that provide little or no inherent memory protection, such as C/C++, to a memory-safe language when possible. Some examples of memory-safe languages are C#, Go, Java, Ruby™, and Swift®. Memory-safe languages provide differing degrees of memory usage protections, so available code-hardening defenses, such as compiler options, tool analysis, and operating system configurations, should be used for their protections as well. By using memory-safe languages and available code-hardening defenses, many memory vulnerabilities can be prevented, mitigated, or made very difficult for cyber actors to exploit.

    Michael Roza CPA, CISA, CIA, MBA, Exec MBA