
The US government wants developers to stop using C and C++

submitted by
Style Pass
2024-11-08 19:00:06

Opinion I must be a glutton for punishment. Not only was my first programming language IBM 360 Assembler, my second language was C. Programming anything in them wasn't easy. Programming safely in either is much harder.

So when the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) announced they were doubling down on their efforts to persuade software manufacturers to abandon "memory-unsafe" programming languages such as C and C++, it came as no surprise.

The report on Product Security Bad Practices warns software manufacturers that developing "new product lines for use in service of critical infrastructure or [national critical functions] NCFs in a memory-unsafe language (eg, C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety."

If this sounds familiar, it's because CISA has been preaching on this point for years. Earlier in 2024, CISA, along with partner agencies including the FBI, Australian Signals Directorate's Australian Cyber Security Centre, and the Canadian Centre for Cyber Security, aka the Five Eyes, published a report, Exploring Memory Safety in Critical Open Source Projects, which analyzed 172 critical open source projects. The findings revealed that over half of these projects contain code written in memory-unsafe languages, accounting for 55 percent of the total lines of code across the examined projects.
