Open-source security
CISA: Critical Open-Source Projects Memory-Unsafe, Vulnerable to Hacks
A recent report by the Cybersecurity and Infrastructure Security Agency has found a security vulnerability in critical open-source software.
The findings revealed that more than half of 172 open-source projects identified by the Open Source Security Foundation contain code written in programming languages that lack built-in memory management, Nextgov/FCW reported.
Moreover, the report noted that the 10 largest open-source projects have at least a quarter of their code written in memory-unsafe programming languages, risking data spillover and potential hacking.
Memory-unsafe languages require manual memory management by developers, increasing the possibility of errors that can create vulnerabilities.
CISA urged software developers to adopt memory-safe practices to mitigate these risks and enhance the security of open-source tools, which underpin a vast portion of IT infrastructure across government agencies and private companies.
The findings come amid growing security concerns about open-source software, which is often freely downloadable and heavily reliant on community contributions for updates and maintenance.