Today: June 3, 2025
Subscribe
November 13, 2022
1 min read

US NSA tells developers to shun C and C++ programming language

Commonly used languages, such as C and C++, provide a lot of freedom and flexibility in memory management while relying heavily on the programmer to perform the needed checks on memory references…reports Asian Lite News

The US National Security Agency (NSA) has requested developers worldwide to shun old programming languages like C and C++ which are more prone to hackers to shift to new, memory safe languages.

Microsoft, Google and others have flagged vulnerabilities in codes due to memory safety issues and malicious cyber actors can exploit these vulnerabilities for remote code execution or other adverse effects, which can often compromise a device and be the first step in large-scale network intrusions.

“NSA advises organisations to consider making a strategic shift from programming languages that provide little or no inherent memory protection, such as C/C++, to a memory safe language when possible. Some examples of memory safe languages are C#, Go, Java, Ruby, and Swift,” the agency said in a new document.

Commonly used languages, such as C and C++, provide a lot of freedom and flexibility in memory management while relying heavily on the programmer to perform the needed checks on memory references.

Simple mistakes can lead to exploitable memory-based vulnerabilities.

“Software analysis tools can detect many instances of memory management issues and operating environment options can also provide some protection, but inherent protections offered by memory safe software languages can prevent or mitigate most memory management issues,” said the NSA.

Even with a memory safe language, memory management is not entirely memory safe.

“Several mechanisms can be used to harden non-memory safe languages to make them more memory safe. Analysing the software using static and dynamic application security testing (SAST and DAST) can identify memory use issues in software,” said the NSA.

“The compilation and execution environment can be used to make it more difficult for cyber actors to exploit memory management issues. Most of these added features focus on limiting where code can be executed in memory and making memory layout unpredictable,” the agency suggested.

ALSO READ: UAE, Egypt ink major energy deal

Tags:

Related Posts

Previous Story

Climate protests grip Egypt, Spain and Germany

Next Story

White House ex-advisor Vikrum Aiyer joins Heirloom Carbon

Latest from -Top News

Goyal Courts Global CEOs in Paris

Piyush Goyal is on an official trip to France with the aim of boosting trade and investments…reports Asian Lite News Commerce and Industry Minister Piyush Goyal met with leading global CEOs in

India Gains Malaysia’s Backing on Terror

The visit of the all-party delegation to Malaysia is part of India’s strategic outreach to garner international support against cross-border terrorism emanating from the soil of Pakistan….reports Asian Lite News An Indian

India Signals FTA with Oman

The talks for the free trade pact with Oman started in November 2023, and Goyal visited the Gulf country from January 27 to January 28….reports Asian Lite News Commerce and Industry Minister

Hasina Charged with Crimes Against Humanity

The charges, which were made public on Sunday, mark a significant turn in the political landscape of Bangladesh…reports Asian Lite News Former Bangladesh Prime Minister Sheikh Hasina has been formally charged with

Syria Strikes $7b Deal

The agreements, signed in the presence of Syrian leader Ahmed al-Sharaa, mark a total investment of 7 billion U.S. dollars…reports Asian Lite News – Syria signed a series of memoranda of understanding
Go toTop

Don't Miss

Biden disappointed Over Xi Jinping’s ‘Unexpected’ G20 No-Show

The last time the two Presidents met was at the

US does not seek cold war with China: Biden

Biden reiterated Washington’s commitment to “‘One China’ policy, which has