Memory Safety and the C/C++ CVE Crisis
A recent analysis reveals that approximately 70% of critical vulnerabilities in software stem from memory safety issues, particularly in C and C++. Major tech companies like Microsoft and Google have reported similar findings, prompting recommendations from the NSA for the adoption of memory-safe programming languages. This consensus highlights the need for a shift in programming practices to mitigate security risks associated with traditional languages.
- Microsoft found that about 70% of its critical vulnerabilities were due to memory safety bugs.
- Google's Project Zero reported similar statistics regarding memory safety vulnerabilities in Chromium.
- The NSA has recommended the use of memory-safe languages such as Rust and Go to improve software security.
Opening excerpt (first ~120 words)

Haven Messenger. Posted on May 27. Originally published at havenmessenger.com.
Memory Safety and the C/C++ CVE Crisis
#security #rust #memorysafety #cybersecurity

Microsoft analyzed a decade of their security bulletins and found roughly 70 percent of critical vulnerabilities were memory safety bugs. Google found roughly the same number in Android and Chromium. The NSA published an advisory recommending memory-safe languages by name.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to.