What is the Need for Memory-safe Programming Languages for Developers?

Memory-safe programming languages include Rust, Go, C#, Java, Swift, Python, and JavaScript

Memory-safe Programming Languages for Developers: Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers. For example, Java is said to be memory-safe because its runtime error detection checks array bounds and pointer dereferences. In this article we will discuss why memory-safe programming languages are necessary.

How common are memory safety vulnerabilities?

Extremely common. A recent study found that 60-70% of vulnerabilities in iOS and macOS are memory safety vulnerabilities. Microsoft estimates that 70% of all vulnerabilities in their products over the last decade have been memory safety issues. Google estimated that 90% of Android vulnerabilities are memory safety issues. An analysis of 0-days that were discovered being exploited in the wild found that more than 80% of the exploited vulnerabilities were memory safety issues.

Memory Safe Programming Languages vs Unsafe Languages

Using memory-safe programming languages is not a silver bullet that guarantees all memory safety vulnerabilities will disappear. However, if used properly, a memory-safe language can dramatically decrease the chances of having a memory vulnerability in the application. The idea behind memory-safe programming languages is that the developer doesn't have to do anything special to protect memory.
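The following Rust sketch is an added example, not code from the original article. It parses a constructed length-prefixed record (the record format and all function names are assumptions made for illustration) and shows that a length field larger than the buffer becomes an error or a panic instead of a read past the end of the buffer, even when the programmer forgets to validate it.

```rust
use std::panic;

/// Constructed record format (an assumption for this example):
/// byte 0 = declared payload length, remaining bytes = payload.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Empty,
    Truncated { declared: usize, available: usize },
}

/// Idiomatic form: the checked slice API turns a lying length field into an error.
pub fn read_payload(record: &[u8]) -> Result<&[u8], ParseError> {
    let (&len, rest) = record.split_first().ok_or(ParseError::Empty)?;
    let declared = len as usize;
    rest.get(..declared).ok_or(ParseError::Truncated {
        declared,
        available: rest.len(),
    })
}

/// Careless form: trusts the length field, as an unchecked copy in C would.
/// Rust still checks the range at run time and panics instead of returning
/// whatever lies past the end of the buffer.
pub fn read_payload_trusting(record: &[u8]) -> Vec<u8> {
    let declared = record[0] as usize;
    record[1..1 + declared].to_vec()
}

/// Returns true when the careless form was stopped by the runtime bounds check.
pub fn careless_form_is_stopped(record: &[u8]) -> bool {
    let owned = record.to_vec();
    panic::catch_unwind(move || read_payload_trusting(&owned)).is_err()
}

fn main() {
    let honest = [3u8, b'a', b'b', b'c']; // constructed: length matches payload
    let lying = [200u8, b'a', b'b', b'c']; // constructed: claims 200 bytes, has 3
    println!("{:?}", read_payload(&honest));
    println!("{:?}", read_payload(&lying));
    println!("careless form stopped: {}", careless_form_is_stopped(&lying));
}
```

The panic in the careless form still ends the operation, so it remains an availability bug, but it no longer discloses or corrupts adjacent memory.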

In 2022, the NSA released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory-safe alternatives – namely C#, Rust, Go, Java, Ruby or Swift.

"NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations," advised the agency.

The org's main concern is that miscreants may exploit vulnerabilities in code that poorly manages memory, which occurs more frequently in the languages that give more options and flexibility to the programmer.

The NSA gives the examples of a threat actor finding their way into a system through a buffer overflow or by leveraging software memory allocation shortcomings.

Top 5 Memory-safe programming languages

C#

C# is a general-purpose high-level programming language supporting multiple paradigms. C# encompasses static typing, strong typing, lexically scoped, imperative, declarative, functional, generic, object-oriented, and component-oriented programming disciplines. It is one of the best memory-safe programming languages for developers.

Rust

Rust was built to support system-level programmers who write low-level, byte-tweaking code. It offers access to the raw bits and expects programmers to use it. The language is designed to cohabitate with much of the old C or assembly language code that's part of the lower levels of operating systems and network stacks.

Java

Java is the official language for Android mobile app development. In fact, the Android operating system itself is written in Java. Even though Kotlin has recently become an alternative to using Java for Android development, Kotlin still uses the Java Virtual Machine and can interact with Java code. It is one of the best memory-safe programming languages for developers.

Ruby

Although Ruby is probably most famous for its use in web development, it has many other uses, too. Some of these include automation, command-line tools, static site generation, DevOps, web scraping, and data processing. Perhaps most importantly, Ruby is a highly versatile and portable language.

Swift

Swift uses LLVM as its compiler framework, which translates the assembly language to the machine code and optimizes it. This means you use less code than you would with Objective-C, making development faster. It is one of the best memory-safe programming languages for developers.
