Info@NationalCyberSecurity

White House to Developers: Using C or C++ Invites Cybersecurity Risks


The White House is calling on the tech industry to use programming languages that are less vulnerable to cyberattacks.

In a new report, the White House examines programming languages as the “primary building block” of the nation’s cybersecurity. “Programmers writing lines of code do not do so without consequence; the way they do their work is of critical importance to the national interest,” it says.

Moving to memory-safe languages can help prevent cyberattacks that have “vexed” the nation’s cybersecurity infrastructure for 35 years, according to the report, which notes that some of the most infamous cyberattacks were caused by memory safety vulnerabilities, such as the Morris worm of 1988 and the Heartbleed vulnerability in 2014.


Non-memory-safe languages include C and C++, both of which are commonly used today. Memory-safe languages include Rust, Go, C#, Java, Swift, Python, and JavaScript, SD Times reports. Switching to the latter, especially in new products, can deliver “significant security benefits,” the report says.

Those in the tech industry seem to agree. “By taking an engineering-first approach to cybersecurity policy, the White House is providing an actionable roadmap,” says Shyam Sankar, CTO at Palantir, according to Developer News.

Overhauling existing code may be out of the question, however. “Software quality would be greatly improved if we could somehow wave a magic wand and have all existing software translated to a memory-safe language,” Dan Boneh, professor of computer science, Stanford University, tells Developer News. “Unfortunately, such a magic wand does not yet exist.”


The White House recommends a “hybrid approach” to existing codebases. “For example, software developers can identify the critical functions or libraries based on risk criteria and prioritize efforts to rewrite those first.”

The report also calls for the creation of standardized metrics to measure the cybersecurity level of software. While doing so has proven challenging in the past, it would help inform policies and incentivize secure software development.
