{"id":209590,"date":"2024-03-02T08:38:13","date_gmt":"2024-03-02T08:38:13","guid":{"rendered":"https:\/\/michigandigitalnews.com\/index.php\/2024\/03\/02\/the-nsa-list-of-memory-safe-programming-languages-has-been-updated\/"},"modified":"2025-06-25T17:21:22","modified_gmt":"2025-06-25T17:21:22","slug":"the-nsa-list-of-memory-safe-programming-languages-has-been-updated","status":"publish","type":"post","link":"https:\/\/michigandigitalnews.com\/index.php\/2024\/03\/02\/the-nsa-list-of-memory-safe-programming-languages-has-been-updated\/","title":{"rendered":"The NSA list of memory-safe programming languages has been updated"},"content":{"rendered":"<p> [ad_1]<br \/>\n<\/p>\n<div>\n<p>The US government says it would be better for them if you ceased using C or C++ when <a href=\"https:\/\/www.tomshardware.com\/software\/security-software\/white-house-urges-developers-to-avoid-c-and-c-use-memory-safe-programming-languages\">programming tools.<\/a> In a recent report, the <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2024\/02\/Final-ONCD-Technical-Report.pdf\">White House<\/a> Office of the National Cyber Director (ONCD) has urged developers to utilize \u201cmemory-safe programming languages,\u201d a classification that does not include widely used languages. The recommendation is a step toward \u201csecuring the building blocks of cyberspace\u201d and is a component of US President Biden\u2019s cybersecurity plan.<\/p>\n<p><a href=\"https:\/\/readwrite.com\/memory-safe-white-house-urges-major-tech-companies-to-adopt-secure-programme-languages\/\">Memory-safety<\/a>\u00a0is the defense against flaws and vulnerabilities related to memory access. Examples of this include dangling pointers and buffer overflows. Java\u2019s runtime fault detection checks make it a memory-safe language. Nonetheless, unconstrained pointer arithmetic with direct memory addresses and without bounds checking is supported by both C and C++.<\/p>\n<h2>In no particular order, the NSA suggests these memory-safe programming languages<\/h2>\n<ul>\n<li>Go<\/li>\n<li>Rust<\/li>\n<li>C#<\/li>\n<li>Swift<\/li>\n<li>Java<\/li>\n<li>Ruby<\/li>\n<li>Python<\/li>\n<li>Delphi\/Object Pascal<\/li>\n<li>Ada<\/li>\n<\/ul>\n<p>According to a 2019 analysis by Microsoft security engineers, memory safety problems were the root cause of almost 70% of security vulnerabilities. In 2020, Google released a similar figure, although this time it was for Chromium browser issues.<\/p>\n<p>The extensive report says, \u201cExperts have identified a few programming languages that both lack traits associated with memory safety and also have high proliferation across critical systems, such as C and C++.\u201d \u00a0And the report continues, \u201cChoosing to use memory safe programming languages at the outset, as recommended by the Cybersecurity and Infrastructure Security Agency\u2019s (CISA) Open-Source Software Security Roadmap is one example of developing software in a secure-by-design manner.\u201d<\/p>\n<p>The 19-page report aims to ensure that small organizations and individuals are not the only ones responsible for cybersecurity. Instead, the onus is on bigger institutions, digital businesses, and ultimately the government. The report seeks to detail what is considered \u201cunsafe\u201d programming languages, namely the use of C and C++.\u00a0 The Microsoft report says, \u201cWe\u2019re not here to debate the pros and cons of programming languages, but it is interesting to see that the report does not suggest a specific language in their place. We are told that there are \u201cdozens of memory-safe programming languages that can \u2014 and should \u2014 be used.\u201d<\/p>\n<p>Additionally, the paper recommends improving software security metrics. According to ONCD, better measurements let technology providers plan, predict, and address risks before they become an issue.<\/p>\n<p>Featured Image Credit: Paul Buijs; <a href=\"https:\/\/www.pexels.com\/search\/NSA\/\">Pexels<\/a><\/p>\n<div class=\"about-author\">\n<div class=\"author-info\">\n<div class=\"author-avatar col-md-2\">\n\t\t\t\t\t\t\t\t<img alt=\"\" srcset=\"https:\/\/readwrite.com\/wp-content\/uploads\/2018\/10\/Deanna-Ritchie_avatar-250x250.jpg 2x\" class=\"avatar avatar-125 photo\" height=\"125\" width=\"125\" decoding=\"async\" src=\"https:\/\/readwrite.com\/wp-content\/uploads\/2018\/10\/Deanna-Ritchie_avatar-125x125.jpg\"\/><noscript><img alt=\"\" src=\"https:\/\/readwrite.com\/wp-content\/uploads\/2018\/10\/Deanna-Ritchie_avatar-125x125.jpg\" srcset=\"https:\/\/readwrite.com\/wp-content\/uploads\/2018\/10\/Deanna-Ritchie_avatar-250x250.jpg 2x\" class=\"avatar avatar-125 photo\" height=\"125\" width=\"125\" decoding=\"async\"\/><\/noscript>\t\t\t\t\t\t\t<\/div>\n<p><!-- .author-avatar --><\/p>\n<div class=\"author-description col-md-10\">\n<h3 class=\"author-title\"><a href=\"https:\/\/readwrite.com\/author\/deanna\/\">Deanna Ritchie<\/a><\/h3>\n<h5 class=\"author-role\">\n\t\t\t\t\t\t\t\t\tManaging Editor at ReadWrite<br \/>\n\t\t\t\t\t\t\t\t<\/h5>\n<p class=\"author-bio\">\n\t\t\t\t\t\t\t\t\tDeanna is an editor at ReadWrite. Previously she worked as the Editor in Chief for Startup Grind, Editor in Chief for Calendar, editor at Entrepreneur media, and has over 20+ years of experience in content management and content development.\t\t\t\t\t\t\t\t<\/p>\n<p><!-- .author-bio --><\/p><\/div>\n<p><!-- .author-description -->\n\t\t\t\t\t\t<\/div>\n<p><!-- .author-info -->\n\t\t\t\t\t<\/div>\n<\/p><\/div>\n<p>[ad_2]<br \/>\n<br \/><a href=\"https:\/\/readwrite.com\/the-nsa-list-of-memory-safe-programming-languages-has-been-updated\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad_1] The US government says it would be better for them if you ceased using C or C++ when programming tools. In a recent report,<\/p>\n","protected":false},"author":1,"featured_media":209591,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[152],"tags":[],"_links":{"self":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts\/209590"}],"collection":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/comments?post=209590"}],"version-history":[{"count":2,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts\/209590\/revisions"}],"predecessor-version":[{"id":340748,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts\/209590\/revisions\/340748"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/media\/209591"}],"wp:attachment":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/media?parent=209590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/categories?post=209590"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/tags?post=209590"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}