According to a study from Consumer Reports, developers in government and industry should commit to using memory-safe languages for new products and tools, and identify the important libraries and packages that would be best to switch to a memory-safe language.
The US nonprofit, known for testing consumer products, asked what steps could be taken to help usher in “memory-safe” languages, like Rust, instead of options like C and C++. Consumer Reports said it wanted to address “industry-wide threats that can’t be solved through user behavior or even consumer choice,” and that it identified a lack of memory safety as one such issue.
The report, The Future of Memory Safety, considers a variety of issues, including the challenges of building memory-safe language adoption in universities, the level of distrust in memory-safe languages, the introduction of memory-safe languages to codebases written in other languages, as well as incentives and public accountability.
Over the past two years, more and more projects have begun to gradually apply Rust to codebases written in C and C++ to make code more memory-safe. Among them are initiatives from Meta, Google’s Android Open Source Project, the C++-dominated Chromium project (sort of), and the Linux kernel.
In 2019, Microsoft revealed that 70% of the security bugs it fixed in the last 12 years were memory safety issues. This number is high because Windows is primarily written in C and C++. Since then, the National Security Agency (NSA) has recommended developers make a strategic shift away from C++ in favor of C#, Java, Ruby, Rust and Swift.
The shift to memory-safe languages (most notably, but not just, Rust) has even prompted the creator of C++, Bjarne Stroustrup, and his colleagues to plan for the “Safety of C++”. Developers prefer C++ for its performance and it still dominates embedded systems. C++ is still more widely used than Rust, but both are popular languages for system programming.
The Consumer Reports study includes input from a number of prominent figures in the information security field, as well as representatives from the Cybersecurity and Infrastructure Security Agency (CISA), the Internet Security Research Group, Google, the Office of the National Cyber Director, and others.
The report emphasizes that computer science professors have “a golden opportunity here to explain the dangers” and could, for example, increase the weight of memory safety errors in assessment scores. But it adds that teaching parts of some courses in Rust can add “unnecessary complexity” and there is a perception that Rust is harder to learn, while C seems to be an option that secures the future employability of many students.
The report says that the industry can gather data on which companies are hiring people who know memory-safe languages and which require C/C++, by checking software bills of materials (SBOM).
To overcome programmers’ belief that memory-safe languages are harder, someone could explain that these languages “force programmers to think through important concepts to ultimately improve the safety and performance of their code,” the report notes.
The report also addresses the question of how to introduce a new language into an existing codebase. The Linux kernel project is not rewriting existing kernel code, but is initially enabling Rust for some drivers. The Chromium security group is cautiously enabling Rust and building memory-safe features for C++ code in Chrome. The Android Open Source Project is pushing Rust even harder. In Android 13, 21% of new code is written in Rust, but C and C++ code still prevails.
The report says that companies should be transparent about what causes bugs, providing detailed information about security vulnerabilities to help researchers and industry experts determine what percentage of vulnerabilities are caused by memory safety issues.
But knowing where to start can be difficult because vulnerability disclosures often don’t provide enough information to link the cause of a vulnerability to a particular language.
“For example, Apple’s security bulletins currently do not provide enough detail to distinguish memory vulnerabilities caused by C/C++ from logical errors,” it noted.
The report acknowledges the industry’s belief that the social and commercial incentives needed to radically solve a problem of this scale do not exist.
It also imagines a world where “memory-safe” procurement regulations exist. It notes that today you cannot buy routers written entirely in memory-safe languages because no such product exists.
“But the government can say that newly developed custom components must be memory-safe to slowly move the industry forward. This will require some kind of central coordination and trust in the system. The government may require a memory safe route map as part of the procurement process. The map will explain how companies plan to eliminate unsafe code in memory in their products over time,” it noted.
Ideas to promote memory-safe language adoption include asking developers to list the memory safety mitigations used by a piece of software, as well as a “nutrition label” approach to indicate the percentage of code covered by safe languages, testing, obfuscation, sandboxing, least privilege, etc.
It also proposes regulatory and monetary incentives for organizations to migrate legacy code to memory-safe languages.