The C and C++ languages are unsafe. Instead, the U.S. National Security Agency would like devs to use memory-safe languages—because most security vulnerabilities are caused by bugs in memory usage.
Neal Ziring (pictured), the NSA Cybersecurity Directorate director, says all you programmers are making “simple mistakes” that are “still entirely too common.” He’s talking about problems such as buffer overflows and use-after-free bugs.
His prescription: Switch to languages such as Rust, like some of the Linux kernel team are doing. In today’s SB Blogwatch, we’re only slightly sarcastic.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: World’s biggest Ponzi scheme.
Don’t Shoot the Messenger
What’s the craic? Laura Dobberstein reports—“NSA urges orgs to use memory-safe programming languages”:
“C and C++ are particularly problematic”
The … NSA has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory safe alternatives — namely C#, Rust, Go, Java, Ruby or Swift. … The org’s main concern is that malicious cyber actors may exploit vulnerabilities in poorly managed memory, which occurs more frequently in the languages that give more options and flexibility to the programmer.
…
Memory safe languages use a combination of compile time and runtime checks that automatically protect the programmer from introducing mistakes that turn into…
