In a press release published, the National Security Agency (NSA) reports that it is making a strategic shift to memory-safe programming languages.
Η υπηρεσία συμβουλεύει τους οργανισμούς να εξερευνήσουν μόνοι τους τέτοιες αλλαγές χρησιμοποιώντας γλώσσες όπως C#, Go, Java, Ruby ή Swift.
The cybersecurity fact sheet “Software Memory Security” (PDF) highlights how malicious cyber actors can exploit memory mismanagement issues to gain access to sensitive information, run unauthorized code, and cause other negative effects.
"Memory management issues have been exploited for decades and are still very common today," said Neal Ziring, Cybersecurity CTO. "We must consistently use memory-safe languages and other protections when developing software to eliminate these weaknesses from malicious cyber actors."
Microsoft and Google have said that software memory security issues are behind about 70 percent of their vulnerabilities. Poor memory management can also lead to technical issues such as incorrect program results, degradation of program performance over time, and various other errors.
The NSA recommends that organizations use memory-safe languages where possible and strengthen code protection with compiler options, tool options, and operating system settings.
The full report is available here (PDF).
