1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • US government warns key open source programs aren't sufficiently

    From TechnologyDaily@1337:1/100 to All on Thu Jun 27 16:30:05 2024
    US government warns key open source programs aren't sufficiently protected

    Date:
    Thu, 27 Jun 2024 16:22:27 +0000

    Description:
    CISA, along with other global counterparts, is warning against the use of memory-unsafe languages.

    FULL STORY ======================================================================

    In a joint report by the FBI, the US Cybersecurity and Infrastructure
    Security Agency (CISA) and its Canadian and Australian counterparts, experts have warned many open source programs lack sufficient protection against emerging and evolving threat actors.

    In its analysis of 172 open source projects, the CISA highlighted the importance of using memory-safe languages in preventing many vulnerabilities.

    The report claims only half (52%) of the projects contained code written in a memory-unsafe language. US government highlights the importance of
    memory-safe languages

    Memory safety is crucial in preventing common vulnerabilities like buffer overflows and use-after-free errors. Popular coding languages like Rust,
    Java, Goland, C# and Python are designed to manage memory automatically, reducing the likelihood of these vulnerabilities.

    However, other popular languages like C, C++ and Assembly require manual memory management, which opens up the doors to potential flaws.

    Popular open source projects that use unsafe code include Linux (which comprises 95% unsafe code), Tor (93%), MySQL Server (84%) and even Chromium (51%), highlighting the widespread dependency on memory-unsafe languages.

    Conversely, projects like WordPress and PowerShell were found to be made up
    of entirely memory-safe code.

    The CISA highlighted the practical challenges faced by developers when it comes to using safer languages, such as performance needs and resource constraints. However the report acknowledges ongoing work: Recent
    advancements allow memory safe programming languages, such as Rust, to parallel the performance of memory-unsafe languages.

    The joint report recommends that developers prioritize memory-safe languages for new code as well as transition critical existing components to safer alternatives. Besides language selection, the agencies also emphasize the importance of following secure practices, managing dependencies correctly and conducting methodical testing to identify and mitigate such safety issues. More from TechRadar Pro Learn a new language with the best Python online courses Fancy an upgrade? Check out our roundup of the best laptops for programming The White House urgently wants memory-safe programming languages to be used by developers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/us-government-warns-key-open-source-programs-are nt-sufficiently-protected


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)