US government wants businesses to stop using C and C++, claims they are insecure

US government agencies speak out about memory-unsafe languages
C/C++ are a “risk to national security,” the economy, public health and safety
Developers working with critical infrastructure advised to follow further guidance

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have advised businesses not to use the popular C and C++ programming languages, citing security concerns.

The joint report, titled ‘Product Security Bad Practices,’ forms part of the CISA’s ‘Secure by Design’ initiative, and hopes to guide software manufacturers away from risky practices when creating products for critical infrastructure.

Using memory-unsafe languages, like C and C++, was highlighted as one of the key threats to security in the report.

CISA and FBI warn against use of C/C++

Described as “dangerous” and a “risk to national security, national economic security, and national public health and safety,” the agencies advise against using memory-unsafe languages where memory-safe languages are a viable alternative.

Other recommended action includes publishing a memory safety roadmap by January 1, 2026, detailing steps to address vulnerabilities, particularly for sensitive components, however products with support ending before January 1, 2030 will be exempt from this guidance.

More broadly, a Stack Overflow survey of more than 3,000 UK developers last month revealed that nearly two-thirds (63%) of developers in Britain preferred JavaScript, which is a memory-safe language.

The agencies also highlight some common security oversights, suggesting that companies build products in such a way that they prevent the introduction of SQL injection vulnerabilities and command injection vulnerabilities. The advisory also recommends avoiding using default passwords by requiring the use of secure credentials upon installation.

In terms of ongoing support, the two agencies also call for companies to issue CVEs in a “timely manner,” particularly for critical and high-impact vulnerabilities, whether they are discovered internally or by a third party.

Full details of the advisory can be found on the CISA’s website.

https://cdn.mos.cms.futurecdn.net/vZLMcEg5JqfGeXydVkkxhk-1200-80.jpg

Source link

Key Insights & How Enterprises Should Adapt

Oops! Windows 11 update is reportedly telling users their PC is outdated – even if it’s not

Brains behind HDTV revolution want to deliver storage tech that is near indestructible — and can shrink a DVD movie to the size of...

How to switch to Bluesky from Twitter

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

US government wants businesses to stop using C and C++, claims they are insecure

Key Insights & How Enterprises Should Adapt

Oops! Windows 11 update is reportedly telling users their PC is outdated – even if it’s not

Brains behind HDTV revolution want to deliver storage tech that is near indestructible — and can shrink a DVD movie to the size of...

How to switch to Bluesky from Twitter

Leave a reply Cancel reply