The Case for Memory Safe Roadmaps
The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously—co-authored in collaboration with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the cybersecurity authorities of Australia, Canada, the United Kingdom, and New Zealand—explains how software manufacturers can eliminate memory safety vulnerabilities by transitioning to memory safe programming languages.
Memory unsafe code is a major problem for software manufacturers and their customers. Previous attempts at solving the problem have made only partial gains, and today, two-thirds of reported vulnerabilities in memory unsafe programming languages still relate to memory issues.
The guidance gives manufacturers steps for creating and publishing memory safe roadmaps that will show their customers how they are owning security outcomes, embracing radical transparency, and taking a top-down approach to developing secure products, which are key Secure by Design tenets.
The most promising path towards eliminating memory safety vulnerabilities is simpler than we think.
Guides
The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously
This guide gives manufacturers steps for creating and publishing memory safe roadmaps that will show customers how they are owning security outcomes, embracing radical transparency, and taking a top-down approach to developing secure products.
Exploring Memory Safety in Critical Open Source Projects
CISA, in partnership with the FBI, Australian Cyber Security Centre, and Canadian Cyber Security Center, crafted this joint guidance to provide organizations with findings on the scale of memory safety risk in selected open source software.