NSA software memory safety issue mitigation guidance unveiled

The National Security Agency has released new recommendations on key protections against prevalent software memory safety concerns, in a bid to curb the exploitation of issues that stem from logic errors, incorrect operation orders, uninitialized variable use, and improper memory management and that can facilitate remote code execution, reports SecurityWeek. Organizations could mitigate software memory safety issues by adopting memory-safe programming languages, including Go, C#, Rust, Java, Ruby, and Swift, but such languages could still be open to risk due to non-memory-safe libraries or actions, according to the NSA. Using static and dynamic application security testing to strengthen code written in non-memory-safe languages could also help avert issues such as memory leaks, buffer overflows, use-after-free, and race conditions. The NSA also advised hardening the compilation and execution environment through Address Space Layout Randomization, Control Flow Guard, and Data Execution Prevention. "By using memory safe languages and available code hardening defenses, many memory vulnerabilities can be prevented, mitigated, or made very difficult for cyber actors to exploit," said the NSA.
