NSA calls for memory-unsafe languages like C and C++ to be phased out
In its latest security advisory, the National Security Agency (NSA) has called on businesses to shift away from programming languages like C and C++ in favour of memory-safe alternatives like C#, Rust, Swift, Java, Ruby, and Go.
"NSA recommends that organisations use memory safe languages when possible and bolster protection through code-hardening defences such as compiler options, tool options, and operating system configurations," the advisory read.
The agency says that it’s easier for attackers to find vulnerabilities in code that manages memory poorly, which is usually the case in languages like C and C++ that give more options and flexibility to the programmer.
A good example, the agency notes, is when an attacker infiltrates a system through a buffer overflow or by leveraging poor software memory allocation.
In contrast, memory-safe languages can automatically prevent vulnerabilities that result from programmer error through compile-time and runtime checks. This won’t block all programming mistakes, but issues such as unsafe use of memory pointers or races between concurrent threads can be avoided by using these languages.
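The two kinds of check mentioned above, shown in Rust as an added example that is not taken from the NSA advisory. The length-prefixed record format and the names `copy_record` and `parallel_count` are assumptions made for illustration.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

const BUF_LEN: usize = 16;

/// Copy a length-prefixed record (constructed format: first byte is an
/// attacker-controlled length) into a fixed 16-byte buffer. The C analogue,
/// `memcpy(buf, data + 1, data[0])`, trusts that byte; here every slice
/// access is bounds-checked and a bad length becomes an error value.
fn copy_record(input: &[u8]) -> Result<[u8; BUF_LEN], &'static str> {
    let (&claimed, payload) = input.split_first().ok_or("empty input")?;
    let claimed = claimed as usize;
    // Runtime check 1: the claimed length must not exceed the bytes received.
    let src = payload.get(..claimed).ok_or("length field exceeds payload")?;
    let mut buf = [0u8; BUF_LEN];
    // Runtime check 2: the claimed length must fit the destination buffer.
    let dst = buf.get_mut(..claimed).ok_or("length field exceeds buffer")?;
    dst.copy_from_slice(src);
    Ok(buf)
}

/// Increment one counter from several threads. Compile-time check: handing
/// the same mutable counter to several threads without synchronisation does
/// not compile, so the shared state is wrapped in Arc<Mutex<_>>.
fn parallel_count(threads: usize, per_thread: u64) -> u64 {
    let total = Arc::new(Mutex::new(0u64));
    let handles: Vec<_> = (0..threads)
        .map(|_| {
            let total = Arc::clone(&total);
            thread::spawn(move || {
                for _ in 0..per_thread {
                    *total.lock().unwrap() += 1;
                }
            })
        })
        .collect();
    for h in handles {
        h.join().unwrap();
    }
    let result = *total.lock().unwrap();
    result
}

fn main() {
    // Constructed sample inputs: one well-formed record, one with a lying length.
    println!("{:?}", copy_record(&[3, b'a', b'b', b'c']));
    println!("{:?}", copy_record(&[200, b'a', b'b']));
    println!("{}", parallel_count(4, 1000));
}
```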
However, the agency also acknowledged that while the concept is easy on paper, it’s going to be a lot harder to put it into practice. Memory-safe languages come with their own set of challenges. For instance, the additional levels of inherent protection may slow down development in the beginning, as memory-unsafe code will not be built by certain toolchains. But this is a small price to pay for fewer bugs and more manageable code later on.
Moreover, it’s very hard, if not impossible, to change from one language to another in the ASCII. Not to mention how hard it is to master some of these other languages like Rust.
The NSA are not the only ones to think that it’s time to phase out C and C++. Microsoft Azure CTO Mark Russinovich came out in September to say that new projects should stop using the two languages.
However, the CTO also acknowledges it will take time to phase out the two languages, with multiple C/C++ projects already in existence.
Kevin Reed, CISO of cybersecurity firm Acronis, is also of the same opinion. "I think the NSA is doing the right thing. Mitigations like address space layout randomisation (ASLR) and stack guard are kind of a band-aid, not a full solution; moving to a memory-safe language is a much better one," he said, before seconding Russinovich’s point.
"I doubt we'll see immediate effects because the amount of C and C++ code written over the years is immense and even if we all start using Rust and Go tomorrow, it'll take decades before we clean up this mess," Reed said.