2017年01月21日作品选用记录

US President Joe Biden’s administration wants software developers to use memory-safe programming languages and ditch vulnerable ones like C and C++.

The White House Office of the National Cyber Director (ONCD), in a report released Monday, called on developers to reduce the risk of cyberattacks by using programming languages that don’t have memory safety vulnerabilities. Technology companies “can prevent entire classes of vulnerabilities from entering the digital ecosystem” by adopting memory-safe programming languages, the White House said in a news release.

[ Read C++ creator Bjarne Stroustrup’s rebuttal of the White House warning ]

Memory-safe programming languages are protected from software bugs and vulnerabilities related to memory access, including buffer overflows, out-of-bounds reads, and memory leaks. Recent studies from Microsoft and Google have found that about 70 percent of all security vulnerabilities are caused by memory safety issues.

“We, as a nation, have the ability—and the responsibility—to reduce the attack surface in cyberspace and prevent entire classes of security bugs from entering the digital ecosystem but that means we need to tackle the hard problem of moving to memory safe programming languages,” National Cyber Director Harry Coker said in the White House news release.

The US Cybersecurity and Infrastructure Security Agency also urged developers to use memory-safe programming languages in a September blog post. CISA, the FBI, the US National Security Agency, and agencies from allied countries also published the report, “The Case for Memory Safe Roadmaps,” in December.

The new 19-page report from ONCD gave C and C++ as two examples of programming languages with memory safety vulnerabilities, and it named Rust as an example of a programming language it considers safe. In addition, an NSA cybersecurity information sheet from November 2022 listed C#, Go, Java, Ruby, and Swift, in addition to Rust, as programming languages it considers to be memory-safe.

About 22 percent of all software programmers used C++, and 19 percent used C as of 2023, according to Statista, making them less popular than JavaScript, Python, Java and a few others. But the TIOBE Programming Community index ranks only Python as more popular, followed by C, C++, and Java.

Shifting responsibility

One goal of the new report is to shift the responsibility of cybersecurity away from individuals and small businesses and onto large organizations, technology companies, and the US government, which are “more capable of managing the ever-evolving threat,” the White House news release said.

ONCD worked with the private sector, including technology companies, the academic community, and other organizations to develop the recommendations in the report, it said. ONCD issued a request for public input on the topic in August. It also gathered comments in support of the initiative from several technology companies, including Hewlett Packard Enterprise, Accenture, and Palantir. Other software security experts also praised the report.

The ONCD report is helpful and timely, said Dan Grossman, a computer science professor at the University of Washington. While “dangers of C and C++ have been well-known for decades,” this is a good time for the White House to push for memory safety because practical and mature alternatives are now available, he said.

Time to change

At the same time, changes are needed because of “the sophistication of threats from adversaries that exploit memory safety violations,” he said.

Discussions about memory safety involving the government, industry, and academic can lead to meaningful change, he added. “Naturally, many branches of the federal government are key creators and vendors for software and they can use this perspective in deciding their priority for upcoming changes to systems or new systems.”

However, a move away from C and C++ won’t happen overnight, especially in embedded systems, Grossman said. “But the use of other languages for systems software, notably Rust, has already grown significantly, and I think many people anticipate that sort of evolution accelerating rather than C and C++ development simply stopping, which still seems unimaginable in its entirety.”

Moving away from C and C++ will be a “long and difficult process,” added Josh Aas, executive director and co-founder of the Internet Security Research Group. “It takes a sustained effort to change the way people think about things, and communications like this help keep the issue of safety fresh in peoples’ minds.”

For the change to happen, the government and the private sector need to work together to make secure code a priority, Aas said.

“Ultimately, we need to write and deploy new code, but in order to get there, we need resources and we need leaders at all levels, from government to the private sector, to make it a priority,” he added. “Relevant leaders need to be made aware of the problem, and they need to know that they are going to be supported if they make solving this problem a priority.”