www.infoworld.com
151.101.66.165
Public Scan
URL: https://www.infoworld.com/article/3713203/white-house-urges-developers-to-dump-c-and-c.html
Submission: On February 29 via manual from US — Scanned from DE
Form analysis
1 forms found in the DOM
<form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id1">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id50" class="gstl_50 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti50" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id1" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st50" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb50" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form>
Text Content
WHITE HOUSE URGES DEVELOPERS TO DUMP C AND C++
Biden administration calls for developers to embrace memory-safe programming languages and move away from those that cause buffer overflows and other memory access vulnerabilities.
By Grant Gross, InfoWorld | Feb 27, 2024 10:35 am PST
US President Joe Biden’s administration wants software developers to use memory-safe programming languages and ditch vulnerable ones like C and C++.
The White House Office of the National Cyber Director (ONCD), in a report released Monday, called on developers to reduce the risk of cyberattacks by using programming languages that don’t have memory safety vulnerabilities.
Technology companies “can prevent entire classes of vulnerabilities from entering the digital ecosystem” by adopting memory-safe programming languages, the White House said in a news release.
Memory-safe programming languages are protected from software bugs and vulnerabilities related to memory access, including buffer overflows, out-of-bounds reads, and memory leaks. Recent studies from Microsoft and Google have found that about 70 percent of all security vulnerabilities are caused by memory safety issues.
“We, as a nation, have the ability—and the responsibility—to reduce the attack surface in cyberspace and prevent entire classes of security bugs from entering the digital ecosystem but that means we need to tackle the hard problem of moving to memory safe programming languages,” National Cyber Director Harry Coker said in the White House news release.
The US Cybersecurity and Infrastructure Security Agency also urged developers to use memory-safe programming languages in a September blog post. CISA, the FBI, the US National Security Agency, and agencies from allied countries also published the report, “The Case for Memory Safe Roadmaps,” in December.
The new 19-page report from ONCD gave C and C++ as two examples of programming languages with memory safety vulnerabilities, and it named Rust as an example of a programming language it considers safe.
In addition, an NSA cybersecurity information sheet from November 2022 listed C#, Go, Java, Ruby, and Swift, in addition to Rust, as programming languages it considers to be memory-safe.
About 22 percent of all software programmers used C++, and 19 percent used C as of 2023, according to Statista, making them less popular than JavaScript, Python, Java and a few others. But the TIOBE Programming Community index ranks only Python as more popular, followed by C, C++, and Java.
SHIFTING RESPONSIBILITY
One goal of the new report is to shift the responsibility of cybersecurity away from individuals and small businesses and onto large organizations, technology companies, and the US government, which are “more capable of managing the ever-evolving threat,” the White House news release said.
ONCD worked with the private sector, including technology companies, the academic community, and other organizations to develop the recommendations in the report, it said. ONCD issued a request for public input on the topic in August. It also gathered comments in support of the initiative from several technology companies, including Hewlett Packard Enterprise, Accenture, and Palantir.
Other software security experts also praised the report. The ONCD report is helpful and timely, said Dan Grossman, a computer science professor at the University of Washington. While “dangers of C and C++ have been well-known for decades,” this is a good time for the White House to push for memory safety because practical and mature alternatives are now available, he said.
TIME TO CHANGE
At the same time, changes are needed because of “the sophistication of threats from adversaries that exploit memory safety violations,” he said. Discussions about memory safety involving the government, industry, and academia can lead to meaningful change, he added.
“Naturally, many branches of the federal government are key creators and vendors for software and they can use this perspective in deciding their priority for upcoming changes to systems or new systems.”
However, a move away from C and C++ won’t happen overnight, especially in embedded systems, Grossman said. “But the use of other languages for systems software, notably Rust, has already grown significantly, and I think many people anticipate that sort of evolution accelerating rather than C and C++ development simply stopping, which still seems unimaginable in its entirety.”
Moving away from C and C++ will be a “long and difficult process,” added Josh Aas, executive director and co-founder of the Internet Security Research Group. “It takes a sustained effort to change the way people think about things, and communications like this help keep the issue of safety fresh in people’s minds.”
For the change to happen, the government and the private sector need to work together to make secure code a priority, Aas said.
“Ultimately, we need to write and deploy new code, but in order to get there, we need resources and we need leaders at all levels, from government to the private sector, to make it a priority,” he added. “Relevant leaders need to be made aware of the problem, and they need to know that they are going to be supported if they make solving this problem a priority.”
Copyright © 2024 IDG Communications, Inc.