The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has analyzed 172 critical open source projects and found that more than half contain code written in languages like C and C++ that are not naturally memory safe. What’s more, projects written in memory-safe languages may still be exposed to memory-safety vulnerabilities through unsafe dependencies.
Source: The Register