
Memory safe code adoption lagging in critical open-source projects


Fifty-two percent of 172 widely deployed critical open-source projects had memory-unsafe code or were not written in programming languages that curb memory-related errors, according to BleepingComputer.

Memory-unsafe languages were also used in 55% of total lines of code across all of the examined open-source projects, with Linux having the largest unsafe code ratio of 95%, according to a report from the Cybersecurity and Infrastructure Security Agency, FBI, Canadian Centre for Cyber Security, and the Australian Signals Directorate's Australian Cyber Security Centre.

"We observed that many critical open source projects are partially written in memory-unsafe languages and limited dependency analysis indicates that projects inherit code written in memory-unsafe languages through dependencies," said CISA, which recommended an immediate transition to code written in Rust, Go, Java, and other memory-safe languages.

Software developers have also been urged to bolster dependency management and auditing, as well as conduct continuous static and dynamic analyses on top of adhering to safe coding practices.
