"The development of new product lines for use in service of critical infrastructure or [national critical functions] NCFs in a memory-unsafe language (e.g., C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety," the report says.
"Putting all new code aside, fortunately, neither this document nor the U.S. government is calling for an immediate migration from C/C++ to Rust — as but one example," he said. "CISA's Secure by Design document recognizes that software maintainers simply cannot migrate their code bases en masse like that."
But for all new code, bros it's ogre.
"For existing products that are written in memory-unsafe languages, not having a published memory safety roadmap by Jan. 1, 2026, is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety," the report said.
It's ogre.
Jump in the discussion.
No email address required.
Don't care
Jump in the discussion.
No email address required.
More options
Context