NSA calls for a strategic shift to memory safe languages. https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF

@yaelwrites

“Breaking News: NSA finally reads decades-old programming language security research” 😃.

At this point it seems this advice boils down to:
“Use a runtime garbage-collected language or Rust.” Or the inverse: “Don’t use C, C++, or assembly, or any other language with unchecked pointer access.”

@mayahustle it IS breaking news, though! oh and you forgot sandboxes i think

@yaelwrites
💯 I agree. (And +1 to sandboxes)

I just can’t help chuckling at the situation: An organization, typically considered at the bleeding edge of cybersecurity, publishing a paper on a decades-old idea.
Then again maybe that’s exactly what they’re thinking: “hey we know what we’re doing, and this idea still applies!”

@mayahustle I mean it's a decades-old idea, but which large orgs have fully implemented it? Uh, none.