软餐 (Ruancan) reports that the US Office of the National Cyber Director, together with the White House, is asking programmers to use, as a rule, only memory-safe programming languages. Rust is considered a suitable language, while C and C++ are regarded as unsafe. The authorities state that the tech industry can proactively avoid "entire categories of vulnerabilities" by ceasing to use certain programming languages. In its report, the agency therefore urges programmers to stop using languages such as C and C++. The White House believes that using memory-safe languages is feasible and scalable in nearly all cases.
The report lists prominent examples of viruses, exploits, and security vulnerabilities caused by a lack of memory safety, including the Morris and Slammer worms, Heartbleed, Trident, and Blastpass. These cybersecurity issues are said to have been caused by memory access vulnerabilities. Microsoft confirmed this in 2019: approximately 70% of its security patches involved improving memory safety.
Memory safety describes how safe, or how potentially vulnerable, a program's memory accesses are. Buffer overflow and memory leak attacks exploit memory safety vulnerabilities and can execute arbitrary code to compromise a system. Many modern programming languages support bounds checking, which is what makes a language memory-safe.
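An added example, not taken from the report or the original article, of the bounds checking described above, written in Rust: a heartbeat-style echo in which the sender's length field claims more bytes than were actually sent, the pattern behind Heartbleed. The simplified record layout, the function names and the sample bytes are constructed for illustration.

```rust
use std::panic;

/// Simplified heartbeat-style record (constructed for this example):
/// byte 0 = type, bytes 1..3 = claimed payload length (big-endian), rest = payload.
#[derive(Debug, PartialEq)]
pub enum EchoError {
    TooShort,
    LengthMismatch { claimed: usize, actual: usize },
}

/// Trusts the sender's length field, as the unchecked C pattern
/// `memcpy(out, payload, claimed)` would. In Rust the slice index is
/// bounds-checked, so an oversized claim panics instead of reading adjacent memory.
pub fn echo_trusting(record: &[u8]) -> Vec<u8> {
    let claimed = u16::from_be_bytes([record[1], record[2]]) as usize;
    record[3..3 + claimed].to_vec()
}

/// Validates the claimed length against the bytes actually received and
/// returns an error the caller can log, rather than panicking.
pub fn echo_checked(record: &[u8]) -> Result<Vec<u8>, EchoError> {
    let header = record.get(..3).ok_or(EchoError::TooShort)?;
    let claimed = u16::from_be_bytes([header[1], header[2]]) as usize;
    let actual = record.len() - 3;
    record
        .get(3..3 + claimed)
        .map(|p| p.to_vec())
        .ok_or(EchoError::LengthMismatch { claimed, actual })
}

/// Constructed input: claims 0x4000 payload bytes but carries only 4.
pub fn oversized_record() -> Vec<u8> {
    vec![0x01, 0x40, 0x00, b'b', b'i', b'r', b'd']
}

/// True when the trusting version stops (panics) on the oversized record.
pub fn trusting_version_panics() -> bool {
    panic::catch_unwind(|| echo_trusting(&oversized_record())).is_err()
}

fn main() {
    let honest = [0x01, 0x00, 0x04, b'b', b'i', b'r', b'd'];
    println!("honest:    {:?}", echo_checked(&honest));
    println!("oversized: {:?}", echo_checked(&oversized_record()));
    println!("trusting version panics: {}", trusting_version_panics());
}
```

The checked version turns a mismatched length into an error value that can be logged and counted, while the trusting version still fails closed: the process panics rather than returning bytes from outside the record.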