[Info-vax] NSA on programming languages
Arne Vajhøj
arne at vajhoej.dk
Fri Feb 3 08:39:19 EST 2023
On 11/11/2022 9:01 PM, Arne Vajhøj wrote:
> https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF
>
> National Security Agency | Cybersecurity Information Sheet
> Software Memory Safety
> <quote>
> Commonly used languages, such as C and C++, provide a lot of freedom and
> flexibility
> in memory management while relying heavily on the programmer to perform
> the needed
> checks on memory references. Simple mistakes can lead to exploitable
> memory-based
> vulnerabilities.
...
> Using a memory safe language can help prevent programmers from
> introducing certain
> types of memory-related issues. Memory is managed automatically as part
> of the
> computer language; it does not rely on the programmer adding code to
> implement
> memory protections. The language institutes automatic protections using
> a combination
> of compile time and runtime checks. These inherent language features
> protect the
> programmer from introducing memory management mistakes unintentionally.
Bjarne has replied to NSA:
https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2023/p2739r0.pdf
Arne
More information about the Info-vax
mailing list