Tuesday, June 24, 2025

Reducing Memory-Related Vulnerabilities - NSA New Guidance


Here's a summary of the new NSA Memory Safe Language (MSL) guidance. Why should you care? Memory safety vulnerabilities still account for the majority of the serious bugs the big vendors fix, and the numbers have barely moved in years.

Some older stats: 

  • About 70% of Microsoft CVEs are memory safety issues
  • 70% of Google Chromium project vulnerabilities are memory safety related
  • 67% of zero-day vulnerabilities in 2021 were memory safety issues

Some newer stats, because the problem hasn't gone away:

  • 66% of iOS CVEs are memory safety related
  • 71% of macOS CVEs stem from memory safety issues

If you aren't already doing root cause analysis on your software vulnerabilities, you're behind your peers, and memory safety is one of the biggest root causes you'll find. Memory safe programming languages (MSLs) are languages designed to prevent the common memory-related coding errors (buffer overflows, use-after-free, double frees, reads of uninitialized memory) that attackers routinely exploit. In safe code they eliminate those bug classes outright. The caveat a practitioner should keep in mind: explicitly unsafe blocks, foreign-function calls into C libraries, and the language runtime itself sit outside that guarantee, so a migration plan has to account for those boundaries too.
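To make "prevents memory-related coding errors" concrete, here is an added example in Rust (it is not code from the NSA guidance or from this post). It implements the length-prefixed record pattern behind Heartbleed-style over-reads: the first byte claims a payload length, and an attacker sets it larger than the bytes that actually follow. The record layout, the function names and the sample records are assumptions for illustration. In C the equivalent `memcpy(out, buf + 1, len)` would silently copy adjacent memory; in Rust the over-read either cannot be expressed (the `get` path returns `None`) or is stopped by a run-time bounds check (the indexed path panics instead of leaking memory).

```rust
// Added example, not from the NSA guidance or the original post.
// Assumed record format: 1-byte claimed length, then the payload.

/// Parse a record whose first byte claims the payload length.
/// Returns the payload, or None when the claimed length exceeds the bytes
/// actually present. The `get` accessor has no way to hand back memory
/// outside `buf`, so the over-read is not expressible here.
pub fn parse_record(buf: &[u8]) -> Option<&[u8]> {
    let (&len, rest) = buf.split_first()?;
    rest.get(..len as usize)
}

/// The same logic with direct slice indexing, the closest thing to the C
/// pointer-arithmetic version. Rust still refuses the over-read: the bounds
/// check fails at run time and the thread panics rather than returning
/// adjacent memory. Kept only to show the failure mode.
pub fn parse_record_indexed(buf: &[u8]) -> &[u8] {
    let len = buf[0] as usize;
    &buf[1..1 + len]
}

/// Run the indexed version under catch_unwind so a caller sees a clean
/// Result instead of a thread abort: Err means the bounds check fired.
pub fn parse_record_guarded(buf: &[u8]) -> Result<Vec<u8>, &'static str> {
    std::panic::catch_unwind(|| parse_record_indexed(buf).to_vec())
        .map_err(|_| "bounds check fired: claimed length exceeds buffer")
}

fn main() {
    // Constructed sample records (not real protocol data).
    let good: &[u8] = &[3, b'a', b'b', b'c'];
    let evil: &[u8] = &[64, b'a', b'b', b'c']; // claims 64 bytes, carries 3

    println!("good via get:     {:?}", parse_record(good));     // Some([97, 98, 99])
    println!("evil via get:     {:?}", parse_record(evil));     // None
    println!("evil via index:   {:?}", parse_record_guarded(evil)); // Err(...)
}
```

The `get` version is the idiom to reach for: the compiler forces you to handle the `None` case, so the "forgot to check the length" bug that produced Heartbleed has nowhere to hide. The indexed version shows the other half of the guarantee: even sloppy code fails closed with a panic, which is a denial-of-service bug, not a memory disclosure.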

Business and Technical Benefits

All of this is interesting... but take note

Security Benefits: (obviously...)

  • Vulnerability Elimination: Entire classes of bugs (buffer overflows, use-after-free, double frees, uninitialized reads) become impossible in safe code
  • Reduced Attack Surface: Forces attackers to find other types of vulnerabilities (logic flaws, injection, misconfiguration) instead of the memory corruption primitives they rely on today
  • Proactive Protection: Prevents problems at compile time or during development rather than patching them after exploitation

Reliability Benefits: (good for business...)

  • Fewer Crashes: Programs behave more predictably
  • Better Error Messages: When problems occur, MSLs provide clearer debugging information
  • Increased Uptime: More stable systems mean less downtime

Productivity Benefits: (good for the people...)

  • Faster Debugging: Developers spend less time hunting memory bugs
  • Focus on Features: Teams can concentrate on building functionality instead of fixing memory issues
  • Reduced Emergency Patches: Fewer urgent security updates needed

Sources: