The Office of the National Cyber Director (ONCD) released a new report titled “Back to the Building Blocks: A Path Toward Secure and Measurable Software.” This is one of the first major announcements by the new ONCD Director, Harry Coker, who was nominated by Joe Biden for the position of Director of National Cybersecurity.

The report makes a compelling case for the adoption of memory-safe programming languages.

This new focus builds on the goal of restoring cybersecurity responsibility and restructuring incentives in favor of long-term cybersecurity investments. Memory-safe programming languages were also included as a goal of the Open Source Software Security Initiative (OS3I), which recently published a new report.

When using a memory-safe programming language such as Rust, Go, Java, Swift, and Python, developers cannot create code that causes a memory error because the language includes specific properties such as memory safety. When developers write code in languages that are not memory safe, such as C and C++, they may inadvertently write code that can cause memory access errors. Instead of the errors being caught at compile time and runtime, as with memory-safe languages, they end up in the final version and cause security problems, writes Jennifer Gregory, an author on cybersecurity topics.

Gregory adds that choosing a memory-safe language significantly reduces or completely eliminates memory-related vulnerabilities. In addition to improved security, memory-safe languages also reduce crashes and allow developers to increase productivity because they don’t need to focus on memory management issues.

The report focuses on getting organizations to focus on two specific areas related to memory-safe languages. In addition, the government wants to focus on creating partnerships with the technical community, especially engineers and developers, to collaborate on making this key change happen.

Although the use of memory-safe languages is recommended, the transition to them is challenging. Many software programs and libraries are based on inappropriate memory protection languages, and rewriting the entire database is often impossible. Starting a new project with a safe programming language represents the easiest way to transition.

Organizations can reduce attacks by rewriting only the critical functions and libraries that are most vulnerable to memory-related errors. Suitable languages such as Rust and Swift are interoperable with C and C++, making this transition easier. However, making the transition requires adequate developer resources. Organizations should start by assessing their existing memory safety language experts and provide training for both current and new developers in this area.