Memory-Safe Code Adoption Has Made Android Safer

September 26, 2024 at 05:19PM The number of memory-related vulnerabilities in Android has significantly decreased over the past five years, attributed to Google’s use of memory-safe languages like Rust. Memory safety issues now only account for 24% of all Android vulnerabilities, down from 76% in 2019. This shift has been credited to Google’s secure-by-design approach … Read more

Google’s Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%

September 25, 2024 at 01:18PM Google’s shift to memory-safe languages like Rust has reduced memory-safe vulnerabilities in Android from 76% to 24% in six years. Prioritizing secure coding for new features makes codebases safer and cost-effective. The decrease in vulnerabilities is due to the decay of new code’s vulnerabilities and advancements in vulnerability combat. Google … Read more

Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws

September 9, 2024 at 03:57PM Google is promoting the deployment of Rust in existing low-level firmware codebases to combat memory-related security vulnerabilities. The company aims to demonstrate the viability of using Rust for firmware, highlighting its efficiency in guaranteeing memory safety and reducing vulnerabilities in existing code. This migration has led to a decrease in … Read more

CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust?

June 28, 2024 at 05:03PM The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has released a report detailing the prevalence of memory-unsafe languages in critical open source projects, highlighting the risks of memory safety vulnerabilities. The report emphasizes the need for organizations to prioritize memory safety and consider using memory-safe languages like Rust or … Read more

CISA’s Flags Memory-Unsafe Code in Major Open Source Projects

June 28, 2024 at 01:28PM A new study reveals the widespread and concerning use of memory-unsafe code in major open source software projects, leading to common security issues. Despite this insight, immediate changes are unlikely due to the complexity and cost of rewriting code entirely in memory-safe languages. The report’s findings align with previous studies, … Read more

White House’s Call for Memory Safety Brings Challenges, Changes & Costs

April 5, 2024 at 10:08AM The White House ONCD has released a report supporting the National Cybersecurity Strategy, emphasizing a shift to memory-safe programming languages for improved cybersecurity. The challenge lies in addressing legacy systems and balancing economic and technical considerations. Industry leaders, such as Mozilla, Microsoft, and Google, have invested in memory-safe languages. Practical … Read more

US Government Expands Role in Software Security

February 28, 2024 at 06:10PM The Biden administration is urging closer public-private partnerships to strengthen US information-technology infrastructure, advocating for memory-safe programming languages and improved ways to measure software security. The focus is on shifting responsibilities for defending cyberspace and incentivizing companies to invest in cybersecurity. The efforts aim to enhance the nation’s cybersecurity and … Read more

White House urges devs to switch to memory-safe programming languages

February 26, 2024 at 04:39PM The White House ONCD urges tech companies to adopt memory-safe programming languages like Rust to enhance software security by reducing memory safety vulnerabilities. Such vulnerabilities can lead to security risks and unauthorized access to data, posing a threat to the digital ecosystem. This initiative aligns with President Biden’s National Cybersecurity … Read more

Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware

December 11, 2023 at 01:13PM Research revealed that Lazarus Group used novel malware strains written in the atypical programming language DLang. The attacks, part of “Operation Blacksmith,” targeted organizations in various industries. This included the use of NineRAT and BottomLoader, with DLang’s usage representing a shift towards newer languages in malware coding, mirroring trends in … Read more