The federal government is encouraging software manufacturers to ditch C/C++ and take other actions that could “reduce customer risk,” according to

Software Makers Encouraged to Stop Using C/C++ by 2026

submited by
Style Pass
2024-11-06 00:30:04

The federal government is encouraging software manufacturers to ditch C/C++ and take other actions that could “reduce customer risk,” according to the Product Security Best Practices report. In particular, CISA and the FBI set a deadline of Jan. 1, 2026, for compliance with memory safety guidelines.

The report covers guidelines and recommendations rather than mandatory rules, particularly for software manufacturers who work on critical infrastructure or national critical functions. The agencies specifically highlighted on-premises software, cloud services, and software-as-a-service.

While it isn’t directly stated that using ‘unsafe’ languages could disqualify manufacturers from government work, and the report is “non-binding,” the message is straightforward: Such practices are inappropriate for any work classified as relevant to national security.

“By following the recommendations in this guidance, manufacturers will signal to customers that they are taking ownership of customer security outcomes, a key Secure by Design principle,” the report states.

Leave a Comment