US government warns key open source programs aren’t sufficiently protected

In a joint report by the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA) and its Canadian and Australian counterparts, experts have warned many open source programs lack sufficient protection against emerging and evolving threat actors.

In its analysis of 172 open source projects, the CISA highlighted the importance of using memory-safe languages in preventing many vulnerabilities.

The report claims only half (52%) of the projects contained code written in a memory-unsafe language.

US government highlights the importance of memory-safe languages

Memory safety is crucial in preventing common vulnerabilities like buffer overflows and use-after-free errors. Popular coding languages like Rust, Java, Goland, C# and Python are designed to manage memory automatically, reducing the likelihood of these vulnerabilities.

However, other popular languages like C, C++ and Assembly require manual memory management, which opens up the doors to potential flaws.

Popular open source projects that use unsafe code include Linux (which comprises 95% unsafe code), Tor (93%), MySQL Server (84%) and even Chromium (51%), highlighting the widespread dependency on memory-unsafe languages.

Conversely, projects like WordPress and PowerShell were found to be made up of entirely memory-safe code.

The CISA highlighted the practical challenges faced by developers when it comes to using safer languages, such as performance needs and resource constraints. However the report acknowledges ongoing work: “Recent advancements allow memory safe programming languages, such as Rust, to parallel the performance of memory-unsafe languages.”

The joint report recommends that developers prioritize memory-safe languages for new code as well as transition critical existing components to safer alternatives. Besides language selection, the agencies also emphasize the importance of following secure practices, managing dependencies correctly and conducting methodical testing to identify and mitigate such safety issues.

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/HR3gHC2HP5c3yoxd2TS4xP-1200-80.jpg

Source link

‘Spending more on AI is not the same as creating value’: New study claims firms are ready to spend big on AI, but are...

Hasbro hit by major cyberattack — toymaker confirms ‘unfortunate incident’ takes down some parts of its websites

Hasbro hit by major cyberattack — toymaker confirms ‘unfortunate incident’ takes down some parts of its websites

There’s a sneaky way to watch The Housemaid for free

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Anna Faris Revealed as Candy Crush Mascot at L.A. Clippers NBA Game

HBO Original ‘The Eastern Gate’ Debuts First Look of Second Season

Joseph Duggar Wife Kendra Duggar on Family Reaction to Arrest

Meryl Streep just added her name to the list of celebrities that love this affordable ‘It’ bag

Blend’s post-IPO reset: CEO Nima Ghamsari bets that AI can turn it all around

Best Picks in Real Estate? UBS Says These Two Stocks Are Built for Uncertainty

Blend’s post-IPO reset: CEO Nima Ghamsari bets that AI can turn it all around

Seaport Therapeutics reports positive Phase 1 data for GlyphAgo

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

US government warns key open source programs aren’t sufficiently protected

Anna Faris Revealed as Candy Crush Mascot at L.A. Clippers NBA Game

Blend’s post-IPO reset: CEO Nima Ghamsari bets that AI can turn it all around

‘Spending more on AI is not the same as creating value’: New study claims firms are ready to spend big on AI, but are...

HBO Original ‘The Eastern Gate’ Debuts First Look of Second Season