National cybersecurity agencies from the U.S., Australia, Canada, New Zealand and the U.K. have released a joint guide for software manufacturers to create and publish roadmaps for protecting their products from memory safety vulnerabilities.
The cybersecurity information sheet recommended that manufacturers transition to memory safe programming languages, such as C#, Go, Java, Python, Rust and Swift, to eliminate memory safety vulnerabilities and reduce their software products’ attack surface, the National Security Agency said Wednesday.
Software developers must pick the right memory safe language for their products, create specific guidance for development and technical teams and invest in building staff capabilities and resources.
“Memory safety vulnerabilities affect software development across all industries,” said Neal Ziring, technical director of NSA’s Cybersecurity Directorate. “Working together to set clear goals and timelines in transition roadmaps to safer programming language is critical for mitigating these problems.”