[OT] NSA guidance on software security
Ruby The Roobster
rubytheroobster at yandex.com
Sat Nov 12 02:49:32 UTC 2022
On Friday, 11 November 2022 at 07:03:58 UTC, Paulo Pinto wrote:
> So it is happening,
>
>
> "Memory issues in software comprise a large portion of the
> exploitable vulnerabilities in
> existence. NSA advises organizations to consider making a
> strategic shift from
> programming languages that provide little or no inherent memory
> protection, such as
> C/C++, to a memory safe language when possible. Some examples
> of memory safe
> languages are C#, Go, Java, Ruby™, and Swift®."
>
> https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF
>
> Eventually this will move from a recomendation, to possible
> specific certification requirements to still deliver software
> in such languages.
>
> D is not yet on the list, but who knows, it might make an
> appearance on some revised version, if someone at NSA is paying
> attention.
If it becomes a requirement to use memory safe languages, then
you know that the U.S. has serious problems if they cannot even
choose what language to program in.
More information about the Digitalmars-d
mailing list