According to a study by Consumer Reports, developers in the public sector and in industry should commit to using memory-safe languages for the development of new products and tools, and should identify the most critical libraries and packages to move to memory-safe languages.
The organization discussed what steps should be taken to encourage the adoption of “memory-safe” languages, such as Rust, at the expense of options such as C and C++. Consumer Reports says it wants to tackle “industry-wide threats that can’t be solved by user behavior or even customer choice” and identified the “lack of memory security” as one of those issues.
The report, Future of Memory Safety, examines the challenges of adopting memory-safe languages in universities, the level of distrust toward these languages, and their introduction into code bases written in other languages.
“A golden opportunity” for computer science teachers
Over the past two years, more and more projects have begun to gradually adopt Rust in codebases written in C and C++ to make their code more memory-safe. Among them are initiatives from Meta, Google’s Android Open Source Project, the Chromium project, and the Linux kernel.
In 2019, Microsoft revealed that 70% of the security bugs it had fixed in the previous 12 years were memory safety issues. This figure was high because Windows was written primarily in C and C++. Since then, the National Security Agency (NSA) has recommended that developers make a strategic shift from C++ to C#, Java, Ruby, Rust, and Swift.
The move toward memory-safe languages — including, but not limited to, Rust — even prompted C++ creator Bjarne Stroustrup and his peers to come up with a blueprint for “C++ security.” Developers love C++ for its performance, and it still dominates embedded systems. C++ remains far more widely used than Rust, but both are popular systems programming languages.
The report points out that computer science teachers have a “golden opportunity here to explain the dangers” of memory safety problems and could, for example, give memory safety errors more weight when grading. But it adds that teaching parts of some courses in Rust could introduce “non-essential complexity”, that there is a perception that Rust is harder to learn, and that C seems like a safe bet for the future employability of many students.
How to introduce a new language into an existing codebase
To overcome programmers’ belief that memory-safe languages are more difficult, it should be explained that these languages “force programmers to think about important concepts that ultimately improve the safety and performance of their code”, the report notes.
The report also addresses the question of how to introduce a new language into an existing codebase. The Linux kernel project does not rewrite existing kernel code, but is enabling Rust for some drivers first. The Chromium security team cautiously enables Rust where it makes good business sense and is also developing memory safety features for the C++ code in Chrome. The Android Open Source Project is pushing Rust more aggressively: in Android 13, 21% of new code is written in Rust, but C and C++ code remains dominant.
The report states that companies should be transparent about the causes of bugs, providing detailed information about security vulnerabilities to help researchers and industry experts determine what percentage of vulnerabilities is attributable to memory safety.
Not enough information to link the cause of a flaw to a particular language
But it will be hard to know where to start, as vulnerability disclosures usually don’t provide enough information to tie the cause of a flaw to a particular language. “For example, Apple’s security bulletins currently do not provide enough detail to distinguish C/C++-induced memory vulnerabilities from logic bugs,” the report notes.
The report also acknowledges that the industry is convinced that the social and market incentives necessary to fully tackle a problem of this magnitude do not exist.
It also imagines a world in which “memory-safe” supply chain regulations exist. Today, the report notes, it is impossible to buy a router whose code is written entirely in memory-safe languages. Such products do not exist.
To encourage the adoption of memory-safe languages, developers could be asked to list the memory safety mitigations used by their software, along with a “nutrition label” indicating the percentage of code covered by safe languages, audits, fuzzing, sandboxing, etc.