[OT] NSA guidance on software security

Tejas notrealemail at gmail.com
Sat Nov 12 03:04:08 UTC 2022


On Saturday, 12 November 2022 at 02:49:32 UTC, Ruby The Roobster 
wrote:
> On Friday, 11 November 2022 at 07:03:58 UTC, Paulo Pinto wrote:
>> So it is happening,
>>
>>
>> "Memory issues in software comprise a large portion of the 
>> exploitable vulnerabilities in
>> existence. NSA advises organizations to consider making a 
>> strategic shift from
>> programming languages that provide little or no inherent 
>> memory protection, such as
>> C/C++, to a memory safe language when possible. Some examples 
>> of memory safe
>> languages are C#, Go, Java, Ruby™, and Swift®."
>>
>> https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF
>>
>> Eventually this will move from a recommendation, to possible 
>> specific certification requirements to still deliver software 
>> in such languages.
>>
>> D is not yet on the list, but who knows, it might make an 
>> appearance on some revised version, if someone at NSA is 
>> paying attention.
>
> If it becomes a requirement to use memory safe languages, then 
> you know that the U.S. has serious problems if they cannot even 
> choose what language to program in.

They tried in the past to enforce just one: Ada

Look how that turned out

Even if they internally decided that they'll write all their 
software in Rust/C#/whatever, they will not try to enforce that 
on other organizations, simply because the other orgs won't 
listen and it'll not exactly be cost efficient to actually force 
them to do so

