NSA’s Plea: Stop Using C and C++ (Because You’re Idiots)

The C and C++ languages are unsafe. Instead, the U.S. National Security Agency would like devs to use memory-safe languages—because most security vulnerabilities are caused by bugs in memory usage.

Neal Ziring (pictured), the NSA Cybersecurity Directorate director, says all you programmers are making “simple mistakes” that are “still entirely too common.” He’s talking about problems such as buffer overflows and use-after-free bugs.

His prescription: Switch to languages such as Rust, like some of the Linux kernel team are doing. In today’s SB Blogwatch, we’re only slightly sarcastic.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: World’s biggest Ponzi scheme.

Don’t Shoot the Messenger

What’s the craic? Laura Dobberstein reports—“NSA urges orgs to use memory-safe programming languages”:

C and C++ are particularly problematic
The … NSA has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory safe alternatives — namely C#, Rust, Go, Java, Ruby or Swift. … The org’s main concern is that malicious cyber actors may exploit vulnerabilities in poorly managed memory, which occurs more frequently in the languages that give more options and flexibility to the programmer.

Memory safe languages use a combination of compile time and runtime checks that automatically protect the programmer from introducing mistakes that turn into vulnerabilities. … Rust users have tripled between Q1 2020 and Q1 2022.

The NSA’s assertion that C and C++ are particularly problematic is a popular opinion. Microsoft Azure CTO Mark Russinovich laid out his case in September that it’s time to halt any new projects in the two. [But he] himself had added to his already 85,000 lines of Sysinternals C/C++ code just the night prior to his tweet.

Do as I say, not as I do? Nick Farrell adds—“NSA wants companies to move to memory safe languages”:

Software memory safety issues
In its “Software Memory Safety” Cybersecurity Information Sheet the NSA says that malicious cyber actors can exploit poor memory management issues to access sensitive information, promulgate unauthorized code execution, and cause other negative impacts. [NSA] Cybersecurity Technical Director Neal Ziring said: … “We have to consistently use memory safe languages and other protections when developing software to eliminate these weaknesses.”

Microsoft and Google have each stated that software memory safety issues are behind around 70% of their vulnerabilities. Poor memory management can lead to technical issues as well, such as incorrect program results, degradation of the program’s performance over time, and program crashes.

Seventy percent??? Neal Ziring and friends expand on their theme—“Software Memory Safety”:

Memory vulnerabilities can be prevented
Modern society [is] implicitly trusting developers to write software that operates in the expected way and cannot be compromised for malicious purposes. [But] exploitable software vulnerabilities are still frequently based on memory issues. Examples include overflowing a memory buffer and leveraging issues with how software allocates and deallocates memory.

Commonly used languages, such as C and C++, provide a lot of freedom and flexibility in memory management while relying heavily on the programmer to perform the needed checks on memory references. Simple mistakes can lead to exploitable memory-based vulnerabilities. … NSA recommends using a memory safe language when possible.

Analyzing the software using static and dynamic application security testing [can’t] make non-memory safe code totally memory safe. [And] bypassing ASLR and DEP is not insurmountable to a malicious actor. … By using memory safe languages and available code hardening defenses, many memory vulnerabilities can be prevented, mitigated, or made very difficult for cyber actors to exploit.

Wow. What do C++ mavens think of that? Actually, they kinda agree—according to tialaramex:

The current set of papers for WG21—the “C++ Standards Committee”—includes more than one [saying] we should stop saying C and C++ are unsafe … but obviously the standout is P2687 from Bjarne Stroustrup and Gabriel Dos Reis. … It wrings its hands about the propensity of programmers to write bad code.

Bjarne and Gaby describe the situation … as an “Emergency.” [But it] doesn’t really spend much time explaining how, if at all, they would solve the problem (beyond vaguely “static analysis”).

Nobody in government should take anything like this seriously until the actual problem gets solved.

There it is again—it’s devs’ fault, for writing bad code. DaPhil calls it a “No-Brainer”:

This is so obvious that it is amazing it took so long to point this out. … Most human beings suck at writing good code. So the more help we can get from the language we use the better.

Is it possible to write good code in C? Sure! It’s just way harder than doing the same thing in Java or [Rust].

But is it fair to call Java “safe”? sitta_europea eyerolls thuswise:

What’s all this about Java? … Weren’t some of the biggest recent disasters written in [it] (log4j, npm)? You can demonstrate incompetence in any computer language.

Is this a good hill for the NSA to die on? mark_l_watson thinks so:

I thought it sad how, once 9/11 happened with the side-tracked war on terrorism, the NSA and FBI apparently … stopped doing much of the previous great work on public support for computer security. … As a US taxpayer, I would like to see them prioritize that type of work.

Of course, we’ve been here before. Get off david.emery’s lawn:

Ada, of course, is a memory-safe language by design since the original Ada83 version. And NSA did some work with the verifiable SPARK subset and proof tools. Yet another opportunity lost when the DoD walked away from its substantial investment in Ada because, “It’s not what industry is doing,” (as if ‘what industry is doing’ was a justification).

I remember NSA at Ada meetings. … I was sitting at a SIGAda meeting in the late ’80s, the guy next to me had a badge that had his name and “US DoD.”

I said to him, “You must work at NSA.” …
He was not happy, and said, “Yeah. … How did you know?”
“Everyone else here from DoD lists [their] agency. Only NSA says US DoD.”

Meanwhile, this Anonymous Coward is, perhaps, old and cynical:

Perhaps I’m old and cynical, but I can’t help but feel that, “It’ll take decades before we clean up this mess,” should really be, “It’ll take decades before we replace this mess with a different mess.”

And Finally:

And nothing of value was lost

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: NSA
