"The development of new product lines for use in service of critical infrastructure or [national critical functions] NCFs in a memory-unsafe language (e.g., C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety," the report says.
"Putting all new code aside, fortunately, neither this document nor the U.S. government is calling for an immediate migration from C/C++ to Rust — as but one example," he said. "CISA's Secure by Design document recognizes that software maintainers simply cannot migrate their code bases en masse like that."
But for all new code, bros it's ogre.
"For existing products that are written in memory-unsafe languages, not having a published memory safety roadmap by Jan. 1, 2026, is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety," the report said.
It's ogre.
You'll see more projects use JS and C# than go to Rust.
Source: I literally work managing "software factories" in the DoD
They love their libraries
I fricking hate them.
npm update is the most secure thing ever, no Chinese could ever get into our leftpad production chain.
maneconomicunit
Bro C# was made for DOD glue sniffers
That's like 90% of software developers