Memory-safe programming languages are on the rise. Here’s how developers should respond
The report puts forward ways that memory-safe coding should be encouraged. But there’s still a lot of other code out there.
Memory Safe Programming Languages
A memory-safe programming language is a language that is designed to prevent common programming errors that can lead to memory-related vulnerabilities such as buffer overflows, null pointer dereferences, and use-after-free errors. Attackers can exploit these vulnerabilities to execute malicious code, steal data, or take control of a system.
Memory-safe languages provide features such as automatic memory management, type safety, and bounds checking to prevent such errors from occurring. They also often have strict rules around memory access and pointer manipulation to avoid accidental or malicious memory corruption.
Some examples of memory-safe programming languages include Rust, Swift, Java, Python, and C#. These languages are increasingly adopted in security-critical and high-assurance applications where memory safety is essential.
Rising the Memory-Safe Programming Languages
As memory-safe programming languages become more prevalent, developers should respond by adopting these languages for new projects and transitioning critical libraries and packages to memory-safe languages. This will help address the industry-wide issue of memory unsafety and improve the safety and performance of code.
To encourage the adoption of memory-safe languages, computer science professors can educate students on the dangers of memory unsafety and increase the weight of memory safety mistakes in assessing grades. The industry can gain data on the companies that hire people with memory-safe language knowledge by inspecting a software bill of materials (SBOM). Developers should also be informed that memory-safe languages force programmers to think through essential concepts that ultimately improve the safety and performance of their code.
Transitioning to memory-safe languages in an existing code base can be challenging. Still, projects such as the Linux kernel and the Chromium project are enabling Rust for some drivers and building memory safety features for C++ code, respectively. Companies should be transparent about the causes of bugs and provide detailed information on security vulnerabilities to help researchers and industry experts ascertain which percentage of vulnerabilities are due to memory safety.
Regulatory and monetary incentives can encourage organizations to transition legacy code to memory-safe languages. The report recommends a “nutrition label” approach to indicate the percentage of code covered by safe languages, audits, fuzzing, sandboxing, least privilege, and more.
Developers should respond to the rise of memory-safe programming languages by adopting these languages for new projects and transitioning critical libraries and packages to memory-safe languages. Education, transparency, and incentives can help encourage the adoption of memory-safe languages and improve the safety and performance of code.
The article is “Memory safe programming languages are on the rise. Here’s how developers should respond.“