CyberSecurityBoard
Sponsor Register Login

Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs

Government agencies in the US, UK, Canada, Australia, and New Zealand have published guidance for software makers to eliminate memory safety vulnerabilities.
The document, named Case for Memory Safe Roadmaps, recommends the adoption of memory safe programming languages, which will help eliminate well-known and common coding errors that threat actors routinely exploit in malicious attacks.
Memory safety bugs, the Five Eyes government agencies note, persist despite significant efforts put into reducing their prevalence.
Transitioning to an MSL should eliminate this type of security flaws and reduce their impact, allowing both developers and customers to invest resources in other areas.
Some of the mitigation methods used to reduce memory safety bugs include developer training, code coverage, secure code guidelines, fuzzing, the use of static application security testing and dynamic application security testing tools, and the use of safer language subsets.
To reduce the impact of this type of vulnerabilities, defenders have marked memory segments as non-executable, adopted Control Flow Integrity, Address Space Layout Randomization, sandboxing, and other mitigation methods, and are considering the use of hardware to support memory protections.
The adoption of MSLs should bring benefits to both software makers and their customers, by improving code reliability, reducing the need to patch the reported vulnerabilities and the number of emergency releases, and ultimately reducing the number of urgent updates that customers will need to install, as well as data breaches.
When developing a memory safety roadmap, software manufacturers should consider how to prioritize transition, the use of appropriate MSLs, and how they will train developers.
For each of these aspects, the Five Eyes agencies recommend specific steps to follow.
The guidance also provides an overview of the implementation challenges that software makers will encounter when adopting MSLs, as well as details on the elements that a memory safety roadmap should include.


This Cyber News was published on www.securityweek.com. Publication date: Thu, 07 Dec 2023 16:13:04 +0000


Cyber News related to Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs

Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs - Government agencies in the US, UK, Canada, Australia, and New Zealand have published guidance for software makers to eliminate memory safety vulnerabilities. The document, named Case for Memory Safe Roadmaps, recommends the adoption of memory safe ...
1 year ago Securityweek.com
Accelerating Safe and Secure AI Adoption with ATO for AI: stackArmor Comments on OMB AI Memo - We appreciate the opportunity to comment on the proposed Memo on Agency Use of Artificial Intelligence. Ensuring agencies have access to adequate IT infrastructure,. We base our remarks on our experience helping US Federal agencies transform their ...
1 year ago Securityboulevard.com
Teaching Digital Literacy and Online Safety - It is crucial for educators to prioritize teaching online safety to ensure that students are equipped with the necessary skills to protect themselves online. This article aims to explore the importance of teaching digital literacy and online safety, ...
1 year ago Securityzap.com
Tech upgrades for first responders are a necessity, not a luxury - Public safety professionals want technology upgrades and adoption of federal standards for first responder IT security, reporting and efficiency, according to Mark43. First responders face growing concerns amidst cybersecurity surge. The ...
1 year ago Helpnetsecurity.com
How Cloud Solutions Can Lead to Stronger, More Secure IT Operations - Cloud services, which offer tools such as networks, servers, and data storage, can help federal agencies deliver better IT services while minimizing costs. Without adequate security measures, these services can expose agencies to cyberattacks. The ...
11 months ago Cyberdefensemagazine.com
Five Eyes Agencies Put Focus on Active Directory Threats - Security Boulevard - Cybersecurity agencies in the United States and other countries are urging organizations to harden the security around Microsoft’s Active Director (AD) solution, which has become a prime target of hackers looking to compromise enterprise networks. ...
4 months ago Securityboulevard.com
Role of Parents in Teaching Online Safety - In today's digital landscape, where children are increasingly exposed to the vast world of the internet, the role of parents in teaching online safety has become paramount. Parents should have regular conversations with their kids about the ...
1 year ago Securityzap.com
Warren PD Launches Mark43 Records Management System - Mark43, a leading cloud-native public safety software company that took home Top Awards for Best Disaster Preparedness and Disaster Recovery Solution in the 2023 'ASTORS' Homeland Security Awards Program, is pleased to announce the official ...
1 year ago Americansecuritytoday.com
How Government Agencies Can Leverage Grants to Shore Up Cybersecurity - COMMENTARY. Since the pandemic forced unprecedented adoption of remote access and delivery of government services, telehealth, and education, cybersecurity has rapidly shot to the top of priority lists for IT leaders. What was once a shiny object ...
9 months ago Darkreading.com
Online safety laws: What's in store for children's digital playgrounds? - As children's safety and privacy online becomes a matter of increasing urgency, lawmakers around the world push ahead on new regulations in the digital realm. Tomorrow is Safer Internet Day, an annual awareness campaign that started in Europe in 2004 ...
2 years ago Welivesecurity.com
Dozens of Rogue California Police Agencies Still Sharing Driver Locations with Anti-Abortion States - SAN FRANCISCO-California Attorney General Rob Bonta should crack down on police agencies that still violate Californians' privacy by sharing automated license plate reader information with out-of-state government agencies, putting abortion seekers ...
1 year ago Eff.org
Majority of Gao's Cybersecurity Recommendations Not Implemented by Federal Agencies - The Government Accountability Office has recently reported that federal agencies have been slow to implement a majority of the recommendations it made for improving the cybersecurity of federal agencies. Despite the implementation progress at some ...
2 years ago Securityweek.com
CVE-2022-30315 - Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The ...
1 year ago
Safeguarding Children and Vulnerable Groups Online Strategies for Enhancing Online Safety in Digital Communities - As the younger generations get more involved with these online communities, they can also be targets for cyberbullies, hackers, scammers, online predators, and much worse. As the internet landscape continues to evolve, online forums and group chat ...
1 year ago Cyberdefensemagazine.com
Victory! Grand Jury Finds Sacramento Cops Illegally Shared Driver Data - For the past year, EFF has been sounding the alarm about police in California illegally sharing drivers' location data with anti-abortion states, putting abortion seekers and providers at risk of prosecution. We thus applaud the Sacramento County ...
7 months ago Eff.org
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
1 year ago Securityzap.com
Is TikTok Safe for Kids? - As the TikTok craze continues to spread worldwide, many parents wonder about the safety implications of the app their kids can't get enough of, particularly if their kids are on the younger side. TikTok features mature user content that may require ...
1 year ago Pandasecurity.com
Rugged Laptops: What Defense and First Responders Should Look For - Guest Editorial by Mike McMahon, President, Getac North America With law enforcement and first response data being targeted by bad actors and the growing threat of cyberspace being used as a theater of war, the rugged laptops used in the defense of ...
1 year ago Americansecuritytoday.com
CISA Updates Toolkit with Nine New Resources to Promote Public Safety Communications and Cyber Resiliency - The Cybersecurity and Infrastructure Security Agency collaborates with public safety, national security, and emergency preparedness communities to enhance seamless and secure communications to keep America safe, secure, and resilient. Any ...
9 months ago Cisa.gov
US Federal Agencies Miss Deadline for Incident Response Requirements - Although US federal agencies have made progress in preparing for and responding to cyber threats, too many have failed to meet the deadline to implement incident response capabilities required by law, according to the US Government Accountability ...
1 year ago Infosecurity-magazine.com
CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code - More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.'s Cybersecurity and Infrastructure Security Agency has found. Memory-unsafe means the code allows for operations that can corrupt memory, ...
7 months ago Techrepublic.com
CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects - This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software. This joint guidance builds on the guide The Case for Memory Safe Roadmaps by providing a starting point for software ...
7 months ago Cisa.gov
CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps - Guide encourages software manufacturesto address memory safety vulnerabilities and implement secure by design principles. WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency, in partnership with the National Security Agency, ...
1 year ago Cisa.gov
Power of Flexible Tech: Applying Conference Room Tech to Front Lines - We work with public safety, government, defense, security, and enterprise organizations to help them use unmanned systems, from drones to ground robotics, to enhance their situational awareness and streamline operations. The level of insight these ...
1 year ago Americansecuritytoday.com
CVE-2020-5252 - The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)