Cybersecurity Snapshot: Memory Bugs Pervasive in Open Source SW, While Car Dealership Chaos Persists After Ransomware


Projects written completely in a memory-safe language can be affected by memory vulnerabilities if they use external dependencies written in memory-unsafe languages. 

Developers also can open the door for memory bugs in memory-safe languages if they disable certain security capabilities in them. Previously, CISA has identified C#, Go, Java, Python, Rust and Swift as memory-safe languages.

The cyber agencies recommend that organizations and software manufacturers:

  • Reduce memory safety vulnerabilities
  • Make secure and informed choices when using OSS
  • Understand the risk of memory vulnerabilities in OSS
  • Evaluate ways of reducing this risk

“We encourage additional efforts to understand the scope of memory-unsafety risks in OSS and continued discussion of the best approaches to managing and reducing this risk,” the report reads.

Read more…