Dive Brief:
- The Biden administration rallied key industry support for adoption of memory safe programming languages this week, part of a larger effort to reduce critical vulnerabilities malicious nation-state and criminal hackers are exploiting.
- Major technology companies, including SAP, Accenture, Palantir and Hewlett Packard Enterprise, are backing the adoption of memory safe programming languages. Officials from Stanford University and the University of Oxford also support the efforts to improve software measurability.
- The White House Office of the National Cyber Director issued a report Monday calling on the technology industry to widely adopt memory safe languages in its products and also urged the research community to help improve diagnostic capabilities to measure secure software.
Dive Insight:
The memory safety issue has been a key element of the Biden administration’s national cybersecurity strategy, which is designed to help the country strengthen key structural weaknesses to reduce the risk of future attacks.
Widely used languages like C and C++ have often increased the risk of critical vulnerabilities. Memory safety flaws have been cited as a key factor in some of the worst vulnerability crises in recent years, including Heartbleed in 2014 and the 2023 BlastPass exploit chain, which was used to deliver spyware to older iPhones and other devices.
“It is clear that the creators of hardware and software are best positioned to address this problem,” National Cyber Director Harry Coker said in prepared remarks in a media briefing. “We need to get down to the very building blocks of cyberspace: the programming language.”
Fidelma Russo, EVP and GM of hybrid cloud and CTO at HPE, said memory safe code will be the new standard for cloud-native development at the company.