NSA Publishes Guidance on Mitigating Software Memory Safety Issues


Caused by how programs manage or allocate memory, logic errors, incorrect order of operations, or the use of uninitialized variables, software memory safety issues are often exploited for remote code execution (RCE).

Representing the most common cause of vulnerabilities in many cases (Microsoft and Google blame memory safety issues for 70% of their bugs), memory safety issues may also lead to incorrect program behavior and performance degradation.

According to the NSA, the first step towards eliminating memory safety issues is the use of a programming language that is not inherently opening the door to these vulnerabilities.