Subscribe To Print Edition About The Tribune Code Of Ethics Download App Advertise with us Classifieds
search-icon-img
search-icon-img
Advertisement
Home / ScienceTechnology / US National Security Agency tells developers to shun C and C++ programming language

US National Security Agency tells developers to shun C and C++ programming language

IANS San Francisco, November 12 The US National Security Agency (NSA) has requested developers worldwide to shun old programming languages like C and C++ which are more prone to hackers to shift to new, memory safe languages. Microsoft, Google and...
article_Author
Tribune Web Desk
Updated At : 10:55 PM Nov 12, 2022 IST
  • fb
  • twitter
  • whatsapp
  • whatsapp
featured-img featured-img
Advertisement

IANS

San Francisco, November 12

The US National Security Agency (NSA) has requested developers worldwide to shun old programming languages like C and C++ which are more prone to hackers to shift to new, memory safe languages.

Advertisement

Microsoft, Google and others have flagged vulnerabilities in codes due to memory safety issues and malicious cyber actors can exploit these vulnerabilities for remote code execution or other adverse effects, which can often compromise a device and be the first step in large-scale network intrusions.

“NSA advises organisations to consider making a strategic shift from programming languages that provide little or no inherent memory protection, such as C/C++, to a memory safe language when possible. Some examples of memory safe languages are C#, Go, Java, Ruby, and Swift,” the agency said in a new document.

Advertisement

Commonly used languages, such as C and C++, provide a lot of freedom and flexibility in memory management while relying heavily on the programmer to perform the needed checks on memory references.

Simple mistakes can lead to exploitable memory-based vulnerabilities.

“Software analysis tools can detect many instances of memory management issues and operating environment options can also provide some protection, but inherent protections offered by memory safe software languages can prevent or mitigate most memory management issues,” said the NSA.

Even with a memory safe language, memory management is not entirely memory safe.

“Several mechanisms can be used to harden non-memory safe languages to make them more memory safe. Analysing the software using static and dynamic application security testing (SAST and DAST) can identify memory use issues in software,” said the NSA.

“The compilation and execution environment can be used to make it more difficult for cyber actors to exploit memory management issues. Most of these added features focus on limiting where code can be executed in memory and making memory layout unpredictable,” the agency suggested.

Advertisement
Tags :
Advertisement
Advertisement
Advertisement
Advertisement

The Tribune, now published from Chandigarh, started publication on February 2, 1881, in Lahore (now in Pakistan). It was started by Sardar Dyal Singh Majithia, a public-spirited philanthropist, and is run by a trust comprising five eminent persons as trustees.

The Tribune, the largest selling English daily in North India, publishes news and views without any bias or prejudice of any kind. Restraint and moderation, rather than agitational language and partisanship, are the hallmarks of the newspaper. It is an independent newspaper in the real sense of the term.

The Tribune has two sister publications, Punjabi Tribune (in Punjabi) and Dainik Tribune (in Hindi).

Remembering Sardar Dyal Singh Majithia

Copyright © The Tribune Trust, 2024
Designed and developed by :  SORTD
tlbr_img1 Home tlbr_img2 Opinion tlbr_img3 Classifieds tlbr_img4 Videos tlbr_img5 E-Paper