Home The NSA list of memory-safe programming languages has been updated

The NSA list of memory-safe programming languages has been updated

The US government says it would be better for them if you ceased using C or C++ when programming tools. In a recent report, the White House Office of the National Cyber Director (ONCD) has urged developers to utilize “memory-safe programming languages,” a classification that does not include widely used languages. The recommendation is a step toward “securing the building blocks of cyberspace” and is a component of US President Biden’s cybersecurity plan.

Memory-safety is the defense against flaws and vulnerabilities related to memory access. Examples of this include dangling pointers and buffer overflows. Java’s runtime fault detection checks make it a memory-safe language. Nonetheless, unconstrained pointer arithmetic with direct memory addresses and without bounds checking is supported by both C and C++.

In no particular order, the NSA suggests these memory-safe programming languages

  • Go
  • Rust
  • C#
  • Swift
  • Java
  • Ruby
  • Python
  • Delphi/Object Pascal
  • Ada

According to a 2019 analysis by Microsoft security engineers, memory safety problems were the root cause of almost 70% of security vulnerabilities. In 2020, Google released a similar figure, although this time it was for Chromium browser issues.

The extensive report says, “Experts have identified a few programming languages that both lack traits associated with memory safety and also have high proliferation across critical systems, such as C and C++.”  And the report continues, “Choosing to use memory safe programming languages at the outset, as recommended by the Cybersecurity and Infrastructure Security Agency’s (CISA) Open-Source Software Security Roadmap is one example of developing software in a secure-by-design manner.”

The 19-page report aims to ensure that small organizations and individuals are not the only ones responsible for cybersecurity. Instead, the onus is on bigger institutions, digital businesses, and ultimately the government. The report seeks to detail what is considered “unsafe” programming languages, namely the use of C and C++.  The Microsoft report says, “We’re not here to debate the pros and cons of programming languages, but it is interesting to see that the report does not suggest a specific language in their place. We are told that there are “dozens of memory-safe programming languages that can — and should — be used.”

Additionally, the paper recommends improving software security metrics. According to ONCD, better measurements let technology providers plan, predict, and address risks before they become an issue.

Featured Image Credit: Paul Buijs; Pexels

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Deanna Ritchie
Lead Editor

Deanna is an editor at ReadWrite. Previously she worked as the Editor in Chief for Startup Grind, Editor in Chief for Calendar, editor at Entrepreneur media, and has over 20+ years of experience in content management and content development.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.