(TLP:CLEAR) CISA Releases New Guidance for Reducing Memory-Related Vulnerabilities

Summary: This week, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development. The joint guide titled “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development,” identifies the main obstacles in adopting memory safe languages, provides practical solutions to address these challenges, and emphasizes critical factors for organizations aiming to shift towards more secure software development methods.

Analyst Note: Memory safety vulnerabilities pose serious risks to national security and critical infrastructure operations. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance security by design. 

While this guidance is intended for software manufacturers, members are encouraged to utilize CISA’s Secure by Demand guidance which outlines the important role that software customers play in driving a secure technology ecosystem. Identifying and buying the products that are the most secure will not only make your utility less of a target but will also encourage manufacturers to create more secure products. This goes hand-in-hand with Fundamental 11: Secure the Supply Chain, from WaterISAC’s 12 Cybersecurity Fundamentals for Water and Wastewater Utilities.

Original Source: https://www.cisa.gov/resources-tools/resources/memory-safe-languages-reducing-vulnerabilities-modern-software-development

Additional Reading:

• Fundamental 11 | Secure the Supply Chain | WaterISAC’s 12 Cybersecurity Fundamentals for Water and Wastewater Utilities

Related WaterISAC PIRs: 6, 8, 11