CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

As part of the Secure by Design campaign, CISA has published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously in collaboration with the following partners:

• United States National Security Agency
• United States Federal Bureau of Investigation
• Australian Signals Directorate’s Australian Cyber Security Centre
• Canadian Centre for Cyber Security
• United Kingdom National Cyber Security Centre
• New Zealand National Cyber Security Centre
• Computer Emergency Response Team New Zealand

Malicious cyber actors routinely exploit memory safety vulnerabilities, which are common coding errors and the most prevalent type of disclosed software vulnerability. Preventing and responding to these vulnerabilities cost both software manufacturers and their customer organizations significant time and resources.

The Case for Memory Safe Roadmaps details how software manufacturers can transition to memory safe programming languages (MSLs) to eliminate memory safety vulnerabilities. The guidance provides manufacturers steps for creating and publishing memory safe roadmaps that will show their customers how they are owning security outcomes, embracing radical transparency, and taking a top-down approach to developing secure products—key Secure by Design tenets.

CISA and our partners urge C-suite and technical experts at software manufacturers to read this guidance and implement memory safe roadmaps to eliminate memory safety vulnerabilities from their product.