From tenable.com
Projects written entirely in a memory-safe language can still be exposed to memory-safety vulnerabilities when they depend on components written in memory-unsafe languages, for example a native library reached through foreign-function bindings.
Developers can also reintroduce memory bugs in a memory-safe language by switching off the protections it normally enforces, such as Rust's `unsafe` blocks, Go's `unsafe` package, or C# `unsafe` code, which bypass bounds and lifetime checks. CISA has previously identified C#, Go, Java, Python, Rust and Swift as memory-safe languages.
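The following is an added example, not code from the Tenable article or from the report it summarizes. It shows in Rust (one of the languages CISA lists) how a crate opts out of memory safety with `unsafe` and reintroduces a C-style out-of-bounds write, and how a safe wrapper confines that opt-out to a single checked site. The `RawBuf` type and the `OutOfBounds` error are hypothetical names chosen for the illustration.

```rust
// Added example: a thin buffer type of the kind a binding over a C allocation
// would expose. `RawBuf` and `OutOfBounds` are hypothetical names.
use std::fmt;

/// Fixed-size byte buffer that is written through a raw pointer.
pub struct RawBuf {
    data: Vec<u8>,
}

/// Error returned by the checked write path.
#[derive(Debug, PartialEq, Eq)]
pub struct OutOfBounds {
    pub index: usize,
    pub len: usize,
}

impl fmt::Display for OutOfBounds {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "index {} out of bounds for length {}", self.index, self.len)
    }
}

impl RawBuf {
    pub fn new(len: usize) -> Self {
        RawBuf { data: vec![0; len] }
    }

    pub fn len(&self) -> usize {
        self.data.len()
    }

    /// The "safety disabled" path. Writes through a raw pointer with no bounds
    /// check; calling it with `index >= self.len()` is undefined behaviour,
    /// i.e. exactly the heap overwrite a memory-safe language is meant to
    /// rule out. The compiler enforces nothing here; the caller must.
    ///
    /// # Safety
    /// `index` must be less than `self.len()`.
    pub unsafe fn write_unchecked(&mut self, index: usize, value: u8) {
        let base = self.data.as_mut_ptr();
        // SAFETY: the bound is the caller's responsibility, not the compiler's.
        base.add(index).write(value);
    }

    /// The hardened path: the bounds check is done once here, so every caller
    /// gets the guarantee back and the `unsafe` block is a single auditable line.
    pub fn write(&mut self, index: usize, value: u8) -> Result<(), OutOfBounds> {
        let len = self.data.len();
        if index >= len {
            return Err(OutOfBounds { index, len });
        }
        // SAFETY: `index < len` was verified immediately above.
        unsafe { self.write_unchecked(index, value) };
        Ok(())
    }

    /// Bounds-checked read; `None` instead of an out-of-bounds access.
    pub fn get(&self, index: usize) -> Option<u8> {
        self.data.get(index).copied()
    }
}

fn main() {
    let mut buf = RawBuf::new(8);
    println!("write(3)  -> {:?}", buf.write(3, 0x41));
    println!("write(8)  -> {:?}", buf.write(8, 0x42)); // rejected, len is 8
    println!("get(3)    -> {:?}", buf.get(3));
    println!("get(8)    -> {:?}", buf.get(8));
    // `unsafe { buf.write_unchecked(8, 0x42) }` would compile and corrupt
    // memory past the allocation: the bug the safe API exists to prevent.
}
```

The point for reviewers of a dependency is that the `unsafe` keyword marks every place where the language's guarantee has been handed back to a human; those sites, and any foreign-function boundary, are where memory-safety review effort belongs even in a "memory-safe" crate.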
The cyber agencies recommend that organizations and software manufacturers:
- Reduce memory safety vulnerabilities
- Make secure and informed choices when using OSS
- Understand the risk of memory vulnerabilities in OSS
- Evaluate ways of reducing this risk
“We encourage additional efforts to understand the scope of memory-unsafety risks in OSS and continued discussion of the best approaches to managing and reducing this risk,” the report reads.