{"id":199552,"date":"2023-10-10T17:20:05","date_gmt":"2023-10-10T17:20:05","guid":{"rendered":"https:\/\/www.internetsociety.org\/?post_type=resources&#038;p=199552"},"modified":"2025-03-07T19:19:07","modified_gmt":"2025-03-07T19:19:07","slug":"how-to-talk-to-your-manager-about-memory-safety","status":"publish","type":"resources","link":"https:\/\/www.internetsociety.org\/resources\/doc\/2023\/how-to-talk-to-your-manager-about-memory-safety\/","title":{"rendered":"How to Talk to Your Manager About Memory Safety"},"content":{"rendered":"\n<p><em>This document is written and published in collaboration with <a href=\"https:\/\/www.consumerreports.org\/\">Consumer Reports<\/a>.<\/em><\/p>\n\n\n\n<p>Managing computer memory securely is critical for ensuring that software functions as intended and for avoiding memory vulnerabilities that could be exploited to disrupt, intercept, or take over computer systems. However, it is also a commonly neglected aspect of enterprise security.<\/p>\n\n\n\n<p>Memory safety vulnerabilities are everywhere, and they\u2019re dangerous. 
They make up between 60 and 90 percent of all software flaws across software written in memory-unsafe languages.<sup><a href=\"#1\">1<\/a><\/sup> They also represent a very high fraction of zero-day vulnerabilities.<sup><a href=\"#2\">2<\/a><\/sup><\/p>\n\n\n\n<p>To increase memory safety in the software your organization is using, wherever possible:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>use software that has been developed in a memory-safe language.<\/li>\n\n\n\n<li>ask developers to build your software in a memory-safe language.<\/li>\n\n\n\n<li>increase internal expertise in memory-safe coding.<\/li>\n\n\n\n<li>choose software vendors that prioritize memory-safe language adoption and use.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cover is-light\"><span aria-hidden=\"true\" class=\"wp-block-cover__background has-neutral-white-background-color has-background-dim-100 has-background-dim\"><\/span><div class=\"wp-block-cover__inner-container is-layout-constrained wp-block-cover-is-layout-constrained\">\n<h2 class=\"wp-block-heading\">What Is Memory Safety?<\/h2>\n\n\n\n<p><strong>Memory safety <\/strong>is a term used to describe whether software or a programming language is designed to prevent memory bugs and vulnerabilities. Typically, software or a programming language is described as memory-safe or not.<\/p>\n\n\n\n<p><strong>Memory-safe languages <\/strong>incorporate <em>automatic <\/em>memory management, which means that they only allow for safe reads and writes, and they safely free memory when it is no longer needed. A memory-unsafe language does not do this; engineers must manually manage memory allocations, a slow and painstaking process that is rarely done entirely correctly, even by highly experienced programmers. Even with help from automation, it\u2019s basically impossible to identify all vulnerabilities and prevent false positives. 
Attempting to fix these vulnerabilities also adds the risk of inadvertently introducing further vulnerabilities.<\/p>\n\n\n\n<p><strong>Memory bugs and vulnerabilities <\/strong>arise when a program mismanages memory, including access,<sup><a href=\"#3\">3<\/a><\/sup> allocation,<sup><a href=\"#4\">4<\/a><\/sup> and buffer control.<sup><a href=\"#5\">5<\/a><\/sup> This can lead to poor performance and application failure, and it makes software much more vulnerable to exploits.<\/p>\n\n\n\n<p><strong>Memory safety bugs and vulnerabilities <\/strong>include:<\/p>\n\n\n\n<p>Buffer overflow: overwriting of memory locations adjacent to a buffer boundary. Data provided by an end user may overwrite program data, and even lead to unauthorized code execution. This may allow users to read other people\u2019s data and\/or take control of the machine running the unsafe code.<sup><a href=\"#6\">6<\/a><\/sup> For example, the Heartbleed vulnerability in OpenSSL allowed attackers to access encrypted personal and sensitive data across a wide range of websites.<sup><a href=\"#7\">7<\/a><\/sup><\/p>\n\n\n\n<p>Use after free: The pointer continues to point to memory that has been deallocated. This may allow a user to read data that has been deleted.<\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading has-32-font-size\">What Are Some Common Memory-Safe Languages?<\/h3>\n\n\n\n<p>Rust, C#, Go, Java, Ruby, Python, JavaScript, Swift.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What Are Some Common Memory-<em>Unsafe <\/em>Languages?<\/h3>\n\n\n\n<p>C, C++, Assembly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why Does It Matter?<\/h3>\n\n\n\n<p><strong>Protects against intrusion and data breaches: <\/strong>Memory safety bugs and vulnerabilities are exploited by attackers to access enterprise data, deploy ransomware, disrupt or deny service, and otherwise harm an organization\u2019s systems, customers, and business partners. 
These vulnerabilities could be avoided by switching to memory-safe code. The average cost of data breaches to enterprises is now above $4 million (USD) per incident.<sup><a href=\"#8\">8<\/a><\/sup><\/p>\n\n\n\n<p><strong>Demonstrates that your organization cares about security-by-design: <\/strong>Writing and using software in memory-safe code is a practical example of security-by-design.<\/p>\n\n\n\n<p><strong>Potential advantage in government contracts: <\/strong>Even if governments do not require the software they use to be developed using memory-safe code today, they may in the future, and it could be one of the factors they take into consideration when choosing a commercial provider.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How Do You Figure Out Where You\u2019re Exposed and How to Fix It?<\/h3>\n\n\n\n<p>The first step is to know exactly what software your organization is using, as well as understanding the whole supply chain for that software. Modern software often pulls in third-party code, such as software libraries from multiple sources. Then, the best next step is to figure out where the biggest source of risk is. That might be the component with the most vulnerabilities reported the prior year, or network and privilege boundaries. You might need to reach out to external security experts and check the results of public code reviews. Then see what the blockers are to memory-safe solutions and start knocking the barriers down.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Do You Have to Do Everything All at Once?<\/h3>\n\n\n\n<p>In a word, no. A good way to get started is by focusing on your most critical libraries and packages and directly exposed attack surface. 
In addition to rewriting some code in a memory-safe language, you may also want to sandbox, that is, software-isolate unsafe code that can\u2019t be easily rewritten.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What Is a Simple Step to Get Started?<\/h3>\n\n\n\n<p>One way to get started is to add a new memory-safe component to an existing C\/C++ project.<\/p>\n\n\n\n<p>Some examples of this approach include Rust components shipped in Firefox 56 and 57, AWS building critical services in Rust, <a href=\"https:\/\/security.googleblog.com\/2023\/01\/supporting-use-of-rust-in-chromium.html\">Chrome adding limited support for Rust components<\/a>, <a href=\"https:\/\/twitter.com\/dwizzzleMSFT\/status\/1636443763827707904\">Windows adding Rust components to the kernel<\/a>, <a href=\"https:\/\/docs.kernel.org\/rust\/index.html\">the Linux kernel adding support for Rust<\/a>, and the majority of Android 13\u2019s new code being memory-safe.<\/p>\n\n\n\n<p>You can also work on incremental migrations or migrations of individual components, such as replacing a single Apache module using Rustls, which you can do without learning how to code in Rust.<\/p>\n\n\n\n<p>You can also commit to making sure all new code is memory-safe.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why Is This Worth the Cost?<\/h3>\n\n\n\n<p>Memory safety is an up-front investment that will reduce your long-term support costs. 
Having fewer vulnerabilities will reduce an expensive triage process, and you\u2019ll have fewer stability problems and nonsecurity crashes as well as performance improvements due to concurrency.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Where Can I Find Existing Open Source Memory-Safe Code?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/google?language=rust\"><strong>Google Rust open source<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/orgs\/mozilla\/repositories?q=rust&amp;type=all&amp;language&amp;sort\"><strong>Mozilla open source<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/memorysafety\"><strong>ISRG Prossimo<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/rustls\/rustls\"><strong>Rustls<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Audits of Rust Open Source Crates<\/strong><br>Google and Mozilla publish their audits of their open source Rust crates on GitHub at <a href=\"https:\/\/github.com\/google\/rust-crate-audits\">https:\/\/github.com\/google\/rust-crate-audits<\/a> and <a href=\"https:\/\/github.com\/mozilla\/supply-chain\">https:\/\/github.com\/mozilla\/supply-chain<\/a>. 
You can use these audits to decide whether the \u201ccrates meet the security, correctness, and testing requirements for your projects.\u201d<sup><a href=\"#9\">9<\/a><\/sup><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What Can We Do While We Are Making the Shift to Memory-Safe Code?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Code review, code review, code review.<\/li>\n\n\n\n<li>Use <a href=\"https:\/\/alexgaynor.net\/2019\/apr\/21\/modern-c%2B%2B-wont-save-us\/\">some modern C++ idioms<\/a> that can help produce safer and more reliable code.<\/li>\n\n\n\n<li>Use <a href=\"https:\/\/llvm.org\/docs\/LibFuzzer.html\">fuzzers<\/a> and <a href=\"https:\/\/clang.llvm.org\/docs\/AddressSanitizer.html\">sanitizers<\/a> to help find bugs before they make it into production.<\/li>\n\n\n\n<li>Use exploit mitigations to help increase the difficulty of exploiting vulnerabilities (such as address space layout randomization, or ASLR, to mitigate buffer overflow attacks).<\/li>\n\n\n\n<li>Use privilege separation so that even when a vulnerability is exploited, the attacker has limited access.<sup><a href=\"#10\">10<\/a><\/sup><\/li>\n<\/ul>\n\n\n\n<p>But remember, though these steps may help, they do not result in memory-safe code or memory safety.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What Are Other Ways Our Organization Can Support Memory Safety?<\/h3>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li>Join other organizations in funding open source initiatives, such as Internet Security Research Group\u2019s Prossimo.<sup><a href=\"#11\">11<\/a><\/sup><\/li>\n\n\n\n<li>Share your memory-safe coding expertise with open source projects. 
Give your software developers time to volunteer their skills and effort.<\/li>\n\n\n\n<li>Inform your customers when your products use memory-safe code.<\/li>\n\n\n\n<li>Ask your software suppliers to use memory-safe code in their products.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-18-font-size\"><strong>Endnotes<\/strong><\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"1\"><sup>1<\/sup> \u201cWhat is memory safety and why does it matter?\u201d <em>Prossimo, <\/em><a href=\"https:\/\/www.memorysafety.org\/docs\/memory-safety\/\">https:\/\/www.memorysafety.org\/docs\/memory-safety\/<\/a>; \u201cQueue the Hardening Enhancements,\u201d <em>Google Security Blog, <\/em>May 9, 2019<\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"2\"><sup>2<\/sup> Examples: <a href=\"https:\/\/twitter.com\/LazyFishBarrel\/status\/1129000965741404160\">https:\/\/twitter.com\/LazyFishBarrel\/status\/1129000965741404160<\/a> and <a href=\"https:\/\/source.android.com\/docs\/security\/test\/memory-safety\">https:\/\/source.android.com\/docs\/security\/test\/memory-safety<\/a>.<\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"3\"><sup>3<\/sup> <strong>Memory access: <\/strong>How a program reads and writes to memory.<\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"4\"><sup>4<\/sup> <strong>Memory allocation: <\/strong>This is the process of reserving sections of memory in a program to be used for specific purposes.<\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"5\"><sup>5<\/sup> <strong>Buffer control: <\/strong>This refers to how a program manages how memory is temporarily stored in the buffer before it is moved between one place and another, e.g., between data processors, or input and output devices, or being sent over the network. The buffer helps smooth out variations in the data.<\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"6\"><sup>6<\/sup> Fernando Diaz, \u201cHow to secure memory-safe vs. 
manually managed languages,\u201d <em>GitLab, <\/em>March 14, 2023<\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"7\"><sup>7<\/sup> \u201cOpenSSL \u2018Heartbleed\u2019 vulnerability (CVE-2014-0160),\u201d <em>Cybersecurity &amp; Infrastructure Security Agency,<\/em> last revised October 5, 2016<\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"8\"><sup>8<\/sup> \u201cCost of a Data Breach Report 2023,\u201d <em>IBM, <\/em><a href=\"https:\/\/www.ibm.com\/reports\/data-breach\">https:\/\/www.ibm.com\/reports\/data-breach<\/a><\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"9\"><sup>9<\/sup> \u201cOpen sourcing our Rust crate audits,\u201d <em>Google Open Source Blog, <\/em>May 23, 2023, <a href=\"https:\/\/opensource.googleblog.com\/2023\/05\/open-sourcing-our-rust-crate-audits.html\">https:\/\/opensource.googleblog.com\/2023\/05\/open-sourcing-our-rust-crate-audits.html<\/a>. <\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"10\"><sup>10<\/sup> \u201cWhat is memory safety and why does it matter?\u201d <em>Prossimo, <\/em><a href=\"https:\/\/www.memorysafety.org\/docs\/memory-safety\/\">https:\/\/www.memorysafety.org\/docs\/memory-safety\/<\/a><\/p>\n\n\n\n<p class=\"has-18-font-size\" id=\"11\"><sup>11<\/sup> <em>Prossimo, <\/em><a href=\"https:\/\/www.memorysafety.org\/\">https:\/\/www.memorysafety.org\/<\/a>.<\/p>\n\n\n\n<p>The appendix is available in the <a href=\"https:\/\/www.internetsociety.org\/wp-content\/uploads\/2023\/10\/Memory-Safety.pdf\">PDF version of the document<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn about memory safety, memory-safe languages, common bugs and vulnerabilities, and the reasons for memory safe language adoption and 
use.<\/p>\n","protected":false},"author":46,"featured_media":0,"template":"","categories":[51,4898],"tags":[],"region_news_regions":[5931],"content_category":[6090],"ppma_author":[4057],"class_list":["post-199552","resources","type-resources","status-publish","hentry","category-security","category-strong-internet","region_news_regions-global","resource_types-resource","content_category-resources-type"],"acf":[],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"post-thumbnail":false,"square":false,"gform-image-choice-sm":false,"gform-image-choice-md":false,"gform-image-choice-lg":false},"uagb_author_info":{"display_name":"Ivana Trbovic","author_link":"https:\/\/www.internetsociety.org\/author\/trbovic\/"},"uagb_comment_info":0,"uagb_excerpt":"Learn about memory safety, memory-safe languages, common bugs and vulnerabilities, and the reasons for memory safe language adoption and use.","_links":{"self":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/resources\/199552","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/resources"}],"about":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/types\/resources"}],"author":[{"embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/users\/46"}],"wp:attachment":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/media?parent=199552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/categories?post=199552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/tags?post=199552"},{"taxonomy":"region_news_regions","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/region_news_regions?post=199552"},{"taxonomy":"content_category","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp
-json\/wp\/v2\/content_category?post=199552"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/ppma_author?post=199552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}