The Biden administration is calling on software developers to ditch C and C++, two of the oldest surviving and most prominent programming languages, in favor of alternatives that have inherent memory-safety features.
Software companies “can prevent entire classes of vulnerabilities from entering the digital ecosystem” by embracing programming languages that don’t have memory-safety issues hostile foreign powers and criminal hackers are exploiting, the White House said.
Memory-safe programming languages are protected from security bugs related to how memory can be accessed, allocated, or rewritten in unintended ways. For example, an out-of-bounds read bug could allow an attacker to read from adjacent blocks in memory that may contain private data, while a use-after-free bug could give the attacker access to information in memory that was already deleted.
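The two bug classes named above, shown in C as an added example (not code from the article or from any project it mentions): a constructed record whose public field sits directly in front of a secret one, an unchecked accessor that would read into the neighbouring field, the bounds-checked accessor that rejects such an index, and a release helper that scrubs and nulls the handle so a later use fails visibly instead of reading recycled memory. The struct layout, field names and sample values are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample record: an 8-byte public field followed in memory by
 * a secret one, so an unchecked read past `username` lands in `api_key`. */
struct record {
    char username[8];
    char api_key[16];
};

/* Unsafe pattern (deliberately never called below): no bounds check.
 * Indexing past the end of `username` is undefined behaviour in C; on a
 * typical layout it returns bytes of the adjacent `api_key` field. */
char username_byte_unchecked(const struct record *r, size_t idx) {
    return r->username[idx];
}

/* Hardened version: refuses any index outside the field.
 * Returns 0 and stores the byte in *out, or -1 when idx is out of bounds
 * or the record handle is NULL (e.g. already released). */
int username_byte_checked(const struct record *r, size_t idx, char *out) {
    if (r == NULL || out == NULL || idx >= sizeof r->username) return -1;
    *out = r->username[idx];
    return 0;
}

/* Constructs a record from hypothetical sample values (NUL-terminated,
 * truncated to the field size). */
struct record *record_new(const char *user, const char *key) {
    struct record *r = calloc(1, sizeof *r);
    if (r == NULL) return NULL;
    strncpy(r->username, user, sizeof r->username - 1);
    strncpy(r->api_key, key, sizeof r->api_key - 1);
    return r;
}

/* Use-after-free guard: scrub the secret, free through a double pointer and
 * null the caller's handle, so a later access is a detectable NULL check
 * failure rather than a silent read of freed, possibly reused memory. */
void record_release(struct record **rp) {
    if (rp == NULL || *rp == NULL) return;
    memset(*rp, 0, sizeof **rp);
    free(*rp);
    *rp = NULL;
}
```

Index 8 is the first byte of `api_key`; the checked accessor returns -1 there, where the unchecked one would hand back secret data.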
Microsoft revealed at a conference in 2019 that from 2006 to 2018, 70 percent of their vulnerabilities were because of memory safety issues. In 2021, Google said it found that a similar percentage of severe security bugs in Chrome are memory safety problems.
“We, as a nation, have the ability—and the responsibility—to reduce the attack surface in cyberspace and prevent entire classes of security bugs from entering the digital ecosystem but that means we need to tackle the hard problem of moving to memory-safe programming languages,” Harry Coker, the White House’s national cyber director, said in a Feb. 26 press release.
Meanwhile, languages such as Rust, Python, and Java are among the recommended replacements.
“When large code bases are migrated to a memory-safe language, evidence shows that memory safety vulnerabilities are nearly eliminated,” the report stated.
C++ Creator Defends Its Safety
The new White House report highlighted a 2022 bulletin by the U.S. National Security Agency (NSA), which advised programmers to use alternative languages instead of C and C++ to avoid exploitable memory-based vulnerabilities. “Commonly used languages, such as C and C++, provide a lot of freedom and flexibility in memory management while relying heavily on the programmer to perform the needed checks on memory references,” the agency said, recommending a “strategic shift” from C and C++ languages to a memory-safe language when possible.
The C language was created in the early 1970s by late computer scientist Dennis Ritchie at Bell Laboratories. An extension to the C language, C++, was developed in 1983 by Bjarne Stroustrup—another Bell Labs legend—to give programmers a high level of control over system resources and memory.
In response to the NSA’s recommendations, Mr. Stroustrup said the NSA was ignoring his more than 30 years of work to make the language “better, safer, and more efficient.”
“There is not just one definition of ‘safety,’ and we can achieve a variety of kinds of safety through a combination of programming styles, support libraries, and enforcement through static analysis,” the computer science pioneer explained. “The most obvious would be to request guaranteed full type-and-resource safety.”
“Ignoring the safety issues would hurt large sections of the C++ community and undermine much of the other work we are doing to improve C++,” he wrote. “So would focusing exclusively on safety.”
The NSA did acknowledge that memory management isn’t entirely safe even in a “memory-safe” language, and that mechanisms such as static and dynamic application security testing (SAST and DAST) can identify memory use issues in software coded in so-called non-memory-safe languages.
With that said, neither SAST nor DAST can make non-memory-safe code totally memory-safe, according to the NSA.