The National Security Agency (NSA) has issued a guideline,Designed to help software developers and operators prevent and mitigate software memory safety issues. It encourages organizations to move programming languages ​​from the likes of C and C++ to memory-safe alternatives – namely C#, Rust, Go, Java, Ruby or Swift,to protect the code from remote code execution or other hacking attacks.

“NSA Enterprises are advised to use memory-safe languages ​​wherever possible, and strengthen protection through code hardening defenses such as compiler options, tool options, and operating system configuration. “

The NSA said that memory security issues account for a large proportion of exploitable vulnerabilities.And citing data from Microsoft, it pointed out that 70% of the company’s vulnerabilities from 2006 to 2018 were due to memory safety issues; Google’s Chrome also found a similar proportion of memory safety holes in a few years.

The organization believes thatMalicious network actors exploit poor memory management issues to access sensitive information, enact unauthorized code execution, and cause other negative effects, whileThese often compromise devices and become the first step in a large-scale network intrusion.

“Commonly used languages, such as C and C++, offer a great deal of freedom and flexibility in memory management, while relying heavily on the programmer to perform the required checks on memory references, simple mistakes can lead to exploitable Vulnerabilities of memory. Software analysis tools can detect many instances of memory management problems, and operating environment options can provide some protection, but the inherent protections provided by memory-safe software languages ​​can prevent or mitigate most memory management problems.

The NSA recommends using memory-safe languages ​​where possible. While the additional protections of using a non-memory-safe language and using a memory-safe language do not provide absolute protection against exploitable memory issues, they do provide a fair amount of protection. As a result, the private sector, academia, and the overall software community of the US government have initiated initiatives to advance the software development culture toward the use of memory-safe languages. “

but NSA also pointed out that“Memory safety” is a bit of a misnomer, and the concept is relative. and warned,Even with memory-safe languages, memory management is not exactly memory-safe.

“Most memory-safe languages ​​acknowledge that software sometimes needs to perform unsafe memory management functions to accomplish certain tasks. Therefore, there are classes or functions that are considered unsafe and allow programmers to perform potentially unsafe memory management tasks . Some languages ​​require explicit annotation of anything that is memory unsafe to make the programmer and any reviewer of the program aware that it is unsafe. Memory-safe languages ​​can also use libraries written in non-memory-safe languages, Unsafe memory functions can therefore be included. Although these methods of including memory unsafe mechanisms subvert inherent memory safety, they help locate where there may be memory problems, allowing for additional scrutiny of those parts of the code. “

on the other hand,Some memory-safe languages ​​may come at a performance cost. Also, learning a new language is not easy; for example,Rust, while powerful, has a fairly steep learning curve.

See the full report for more details.