https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3215760/nsa-releases-guidance-on-how-to-protect-against-software-memory-safety-issues/

Skip to main content (Press Enter).
Toggle navigation
Home Logo: National Security Agency I Central Security Service Home
National Security Agency/Central Security Service
NSA/CSS
Search
Search NSA: [                    ] Search
Search NSA: [                    ] Search

  * About
      + Leadership
      + Mission & Combat Support
      + Cybersecurity
      + Signals Intelligence
      + Central Security Service
      + Locations
      + Cybersecurity Collaboration Center
      + Research
      + Diversity, Equity, Inclusion & Accessibility
  * Press Room
      + Cybersecurity Advisories & Guidance
      + Telework and Mobile Security Guidance
      + Press Releases & Statements
      + News & Highlights
      + Declassification & Transparency Initiatives
      + Research Publications
  * Careers
  * History
      + National Cryptologic Museum
      + Cryptologic History
      + National Cryptologic Memorial

HomePress RoomNews & HighlightsArticle
CSI: Software Memory Safety
PHOTO INFORMATION
 Download
 Details
 Share
CSI: Software Memory Safety
CSI: Software Memory Safety
Press Release | Nov. 10, 2022

NSA Releases Guidance on How to Protect Against Software Memory
Safety Issues

FORT MEADE, Md. -- The National Security Agency (NSA) published
guidance today to help software developers and operators prevent and
mitigate software memory safety issues, which account for a large
portion of exploitable vulnerabilities.
 
The "Software Memory Safety" Cybersecurity Information Sheet
highlights how malicious cyber actors can exploit poor memory
management issues to access sensitive information, promulgate
unauthorized code execution, and cause other negative impacts.
 
"Memory management issues have been exploited for decades and are
still entirely too common today," said Neal Ziring, Cybersecurity
Technical Director. "We have to consistently use memory safe
languages and other protections when developing software to eliminate
these weaknesses from malicious cyber actors."
 
Microsoft and Google have each stated that software memory safety
issues are behind around 70 percent of their vulnerabilities. Poor
memory management can lead to technical issues as well, such as
incorrect program results, degradation of the program's performance
over time, and program crashes.
 
NSA recommends that organizations use memory safe languages when
possible and bolster protection through code-hardening defenses such
as compiler options, tool options, and operating system
configurations.
 
Read the full report here.
 
Visit our full library for more cybersecurity information and
technical guidance.
 
---------------------------------------------------------------------
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721
 

SHARE

PRINT

Related Press Advisories

NSA, CISA, FBI Warn of Custom Exfiltration Tools Being Used Against
Defense Industrial Base Organization
NSA, CISA, FBI Reveal Top CVEs Exploited by Chinese State-Sponsored
Actors
ESF Partners, NSA, and CISA Release Software Supply Chain Guidance
for Suppliers

Related Documents

CSI: Software Memory Safety
Cybersecurity Information Sheet CSI Cybersecurity Guidance software
memory safety

NSA.GOV

  * About
  * Leadership
  * Cybersecurity Collaboration
    Center
  * National Cryptologic Museum
  * Contact NSA
  * Accessibility
  * ABA Notice
  * Site Policies

CULTURE

  * Core Values
  * Operating Authorities
  * Civil Liberties, Privacy, & Transparency Office

  * Diversity, Equity, Inclusion, & Accessibility

  * General Counsel
  * NSA Inspector General

HELPFUL LINKS

  *  
  * NSA Freedom of Information Act
  * Privacy Act Requests
  * Request a Speaker
  * Prepublication Review
  * Media Inquiry
  * Frequently Asked Questions

RESOURCES

  * Classified Materiel Conversion
  * Commercial Solutions for Classified Program (CSfC) 
  * Cryptographic Support Services
  * Media Destruction Guidance
  * NSA Open Source
  * NSA Exhibit Roadshow

RELATED LINKS

  * DNI.gov
  * Defense.gov
  * IC on the Record
  * Intelligence.gov

  * NSA.GOV
      + About
      + Leadership
      + Cybersecurity Collaboration Center
      + National Cryptologic Museum
      + Contact NSA
      + Accessibility
      + ABA Notice
      + Site Policies
  * CULTURE
      + Core Values
      + Operating Authorities
      + Civil Liberties & Privacy
      + Diversity, Equity, Inclusion, & Accessibility
      + General Counsel
      + NSA Inspector General
  * HELPFUL LINKS
      + NSA Freedom of Information Act
      + Privacy Act Requests
      + Frequently Asked Questions
      + Request a Speaker
      + Prepublication Review
      + Media Inquiry
  * RESOURCES
      + Commercial Solutions for Classified Material (CSFC)
      + Media Destruction Guidance
      + Classified Materiel Conversion
      + Cross Domain Services
      + NSA Open Source
      + NSA Exhibit Roadshow
  * RELATED LINKS
      + DNI.gov
      + Defense.gov
      + IC on the Record
      + Intelligence.gov

  * Privacy & Security     Links Disclaimer     Section 508     Web
    Policy     Plain Writing Act    DOD IG    No FEAR Act    Imagery
    Use    FOIA    Open GOV    Strategic Plan    USA.gov    Small
    Business Act    Site Map  

 
Hosted by Defense Media Activity - WEB.mil