Quick overview: The White House recommends switching from C and C++ to memory-safe languages like Rust, Go, or Python to improve cybersecurity.
The White House strongly encouraged software developers to move away from using C and C++ and adopt memory-safe languages. A major reason for this push is the rampant cybersecurity threats that exploit the vulnerabilities inherent in these older languages.
C and C++ remain popular for many applications, but their performance comes at a significant cost. These languages give developers direct control over memory allocation and management. This control is essential for performance, but can be a security nightmare. Errors such as buffer overflows and use-after-free bugs are common in C and C++ programs and often serve as entry points for malicious attacks.
Studies have shown that most security vulnerabilities result from memory management errors. Microsoft alone found that 70% of the vulnerabilities in its products could be traced to flaws in C and C++ code.
Languages like Rust, Go, and Python are considered memory safe. They have built-in protection features such as automatic garbage collection and bounds checking. These safeguards eliminate an entire class of potential memory-related exploits. By using a memory-safe language, developers shift the responsibility for preventing many vulnerabilities onto the language itself, rather than relying solely on error-prone coding.
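To make the bounds-checking point concrete, here is an added example (not part of the original article) in Rust. It parses a record whose length field is supplied by the sender; the record format and all names are constructed for illustration. A C `memcpy` that trusted the declared length would read past the buffer, while the checked slice access here returns an error.

```rust
// Constructed record format for this example:
//   bytes 0..2 = payload length (big-endian u16), bytes 2.. = payload

#[derive(Debug, PartialEq)]
pub enum ParseError {
    TooShort, // the two-byte header itself is incomplete
    LengthMismatch { declared: usize, available: usize },
}

/// Return the payload slice, or an error if the declared length
/// exceeds the bytes actually present.
pub fn parse_record(buf: &[u8]) -> Result<&[u8], ParseError> {
    // `get` is the checked form of indexing: it yields None rather than
    // touching memory outside the slice.
    let header = buf.get(0..2).ok_or(ParseError::TooShort)?;
    let declared = u16::from_be_bytes([header[0], header[1]]) as usize;
    let body = &buf[2..];
    body.get(..declared).ok_or(ParseError::LengthMismatch {
        declared,
        available: body.len(),
    })
}

/// Plain indexing is bounds-checked too: it panics (a controlled abort)
/// instead of returning adjacent memory.
pub fn index_read(buf: &[u8], declared: usize) -> Vec<u8> {
    buf[2..2 + declared].to_vec()
}

fn main() {
    // Constructed inputs.
    let honest = [0x00, 0x03, b'a', b'b', b'c'];
    let lying = [0x40, 0x00, b'a', b'b', b'c']; // claims 16384 bytes, has 3

    println!("{:?}", parse_record(&honest));
    println!("{:?}", parse_record(&lying));

    let r = std::panic::catch_unwind(|| index_read(&lying, 0x4000));
    println!("indexing past the end panicked: {}", r.is_err());
}
```
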
If memory-safe languages are superior, why do we continue to rely on C and C++? Here are some key reasons:
- Legacy code: A vast amount of critical infrastructure is built on C and C++. Rewriting everything is expensive and time consuming.
- Performance: C and C++ are often preferred for applications where speed is most important, such as game engines and operating systems.
- Inertia: Many developers are familiar with C and C++. Learning a new language takes time and investment.
The White House is not proposing to abandon C and C++ entirely. Instead, it encourages using these powerful languages more selectively. The focus is:
- New developments: Whenever possible, prioritize memory-safe languages for new projects.
- Refactoring: Progressively replace or refactor critical components of existing C/C++ code with memory-safe alternatives.
- Developer training: Promote the benefits of memory-safe languages and provide resources to advance the technology.
The White House’s call for change is essential for cybersecurity, but it is not without obstacles.
- Legacy issues: Systems from power grids to medical devices use C/C++ code. Completely replacing these systems would be prohibitively expensive and risky, and new vulnerabilities may also arise during the transition.
- Performance overhead: Memory-safe languages sometimes incur a performance cost due to their safeguards. This is less true in newer languages like Rust, but can be a problem in real-time systems or high-performance computing.
- Developer expertise: While the community around memory-safe languages is growing, the base of skilled C/C++ programmers is still larger. Training or hiring for an alternative language adds to the cost of change.
- Ecosystem and libraries: Support for C and C++, which has been built over decades, can be much more comprehensive than support for newer languages. This makes it more difficult to rewrite existing components or find pre-built solutions.
The transition to memory-safe development is not an all-or-nothing proposition. Here are some strategies for success:
- Prioritize new projects: When building greenfield applications, use memory-safe languages by default when possible. This reduces future security burden from the start.
- Identify critical components: Audit your existing C/C++ codebase to find the most sensitive sections that handle user data, authentication, or interfacing with external networks. Target these for refactoring or replacement.
- Gradual adoption: Rewriting the entire system is unrealistic. Look for opportunities to add components or services developed in memory-safe languages and interface with legacy code.
- Hybrid solution: Sometimes, critical performance bottlenecks within a mostly safe application need to be written in C/C++. Special care must be taken when developing, testing, and isolating these sections.
- Government and Industry Cooperation: Funding for open source development, code auditing, and creation of secure libraries in memory-safe languages accelerates the transition process.
- Training and Education: Encourage learning paths for both new and experienced developers to become proficient in memory-safe languages.
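As an added illustration of gradual adoption (not code from the original article), the Rust sketch below shows a sensitive input check moved into a memory-safe component that legacy C code could still call through a C ABI. The function names, return codes and the username rule are hypothetical; the point is that the only `unsafe` step is confined to the boundary, after the pointer and length have been validated.

```rust
use std::slice;

pub const OK: i32 = 0;
pub const ERR_NULL: i32 = -1;
pub const ERR_LENGTH: i32 = -2;
pub const ERR_CHARSET: i32 = -3;
pub const MAX_LEN: usize = 32; // hypothetical policy limit

/// Safe core: all validation logic lives here, with no `unsafe`.
pub fn validate_username(name: &[u8]) -> i32 {
    if name.is_empty() || name.len() > MAX_LEN {
        return ERR_LENGTH;
    }
    if !name.iter().all(|b| b.is_ascii_alphanumeric() || *b == b'_') {
        return ERR_CHARSET;
    }
    OK
}

/// C-ABI entry point for the legacy caller (hypothetical name).
/// A real build would also export this symbol unmangled.
///
/// # Safety
/// `ptr` must be null or point to at least `len` readable bytes.
pub unsafe extern "C" fn rs_validate_username(ptr: *const u8, len: usize) -> i32 {
    if ptr.is_null() {
        return ERR_NULL;
    }
    // Reject implausible lengths before touching the caller's memory.
    if len == 0 || len > MAX_LEN {
        return ERR_LENGTH;
    }
    // The only unsafe step: trusting the caller's pointer/length pair.
    let name = unsafe { slice::from_raw_parts(ptr, len) };
    validate_username(name)
}

fn main() {
    let input = b"alice_01"; // constructed sample input
    let rc = unsafe { rs_validate_username(input.as_ptr(), input.len()) };
    println!("alice_01 -> {}", rc);
    let rc = unsafe { rs_validate_username(std::ptr::null(), 8) };
    println!("null pointer -> {}", rc);
}
```
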
The White House’s guidance is a stark reminder that our increasingly connected world requires a proactive cybersecurity approach. The transition to a memory-safe language presents challenges, but it is an investment in a more secure future. Developers, organizations and the technology industry must broadly embrace these changes in a collaborative spirit. By prioritizing secure coding practices, supporting education and training, and gradually transitioning to memory-safe languages, we can build a digital infrastructure that is much more resistant to cyberattacks.