New joint guidance released by the U.S. Cybersecurity and Infrastructure Security Agency and partners warns of the widespread and costly prevalence of memory safety vulnerabilities in critical open-source projects and of an urgent need for software manufacturers to adopt memory-safe programming practices. The "Exploring Memory Safety in Critical Open Source Projects" guidance, created by CISA in partnership with the Federal Bureau of Investigation, the Australian Signals Directorate’s Australian Cyber Security Centre and the Canadian Centre for Cyber Security, found that over half of the analyzed critical open-source projects contain code written in memory-unsafe languages.
Source: SiliconANGLE