White House: Use memory-safe programming languages to protect the nation
The White House is asking the technical community to switch to using memory-safe programming languages – such as Rust, Python, Swift, C#, Java, and Go – to prevent memory corruption vulnerabilities from entering the digital ecosystem.
According to a recent Horizon3.ai analysis of vulnerabilities exploited in 2023 (as listed in CISA’s Known Exploited Vulnerabilities Catalog), memory safety issues were the second leading cause of vulnerabilities, and 75% of them have been exploited as 0-days by threat actors.
“Additionally, 25% were discovered by security researchers and retroactively discovered to have been exploited as 0-days,” said Zach Hanley, Chief Attack Engineer at Horizon3.ai.
The case for memory-safe programming languages and hardware
To help with the transition, the White House Office of the National Cyber Director (ONCD) has released a report that explains why memory-safe programming languages and memory-safe hardware are needed, and outlines formal methods that give software developers greater assurance that entire classes of vulnerabilities – not just memory safety bugs – are absent.
“Our experience has demonstrated that formal methods combined with memory-safe programming languages provide a robust framework for eliminating vulnerabilities with unparalleled precision,” commented Dan Guido, CEO of Trail of Bits.
Anjana Rajan, Assistant National Cyber Director for Technology Security, has pointed out that the Morris worm of 1988, the Slammer worm of 2003, the Heartbleed vulnerability in 2014, the Trident exploit of 2016, and the Blastpass exploit of 2023 all have a common root cause: memory safety vulnerabilities.
“For thirty-five years, memory safety vulnerabilities have plagued the digital ecosystem, but it doesn’t have to be this way. [The ONCD report] was created for engineers by engineers because we know they can make the architecture and design decisions about the building blocks they consume – and this will have a tremendous effect on our ability to reduce the threat surface, protect the digital ecosystem and ultimately, the Nation.”
The White House also noted that the report is “an important step toward shifting the responsibility of cybersecurity away from individuals and small businesses and onto large organizations like technology companies and the Federal Government.”
“A recent report authored by CISA, the NSA, the FBI, and international cybersecurity agencies entitled The Case for Memory Safe Roadmaps, provides guidance for manufacturers with steps to implement changes to eliminate memory safety vulnerabilities from their products,” the ONCD report says.
The ONCD report also contains a section on software measurability, which the academic community has been tapped to help solve by developing better diagnostics to measure cybersecurity quality.
A welcome step
Jason Urso, CTO at Honeywell Connected Enterprises, noted that adding memory-safe programming as part of the software design process will be a valuable addition to the cyber defense toolkit that includes network segregation, high security models, and real-time threat and vulnerability assessments.
Dan Boneh, Professor of Computer Science at Stanford University, said that software quality would be greatly improved if we could somehow wave a magic wand and have all existing software translated to a memory-safe language, but that unfortunately, such a magic wand does not yet exist.
“The White House is taking a pragmatic approach, and is proposing to start this conversion with critical space systems, which is a good testing ground for the proposed approach. Preventing memory safety bugs is only the beginning of a long journey towards more secure software. Formal verification and confinement technologies are important tools in our arsenal, and I was happy to see that the White House is calling for further investment in these technologies,” he added.