Risk mitigation
New CISA Guidance to Address Memory Safety Vulnerabilities in Open-Source Software
The Cybersecurity and Infrastructure Security Agency has collaborated with the FBI, the Australian Cybersecurity Centre and the Canadian Cyber Security Center to release guidance titled Exploring Memory Safety in Critical Open Source Subjects.
The document, which builds on a previous guide called The Case for Memory Safe Roadmaps, offers insights into the extent of memory safety vulnerabilities within some open-source software, CISA said.
Moreover, the new guidance provides software developers with a road map for addressing memory safety issues, particularly within external dependencies heavily reliant on OSS.
CISA recommends that organizations and software manufacturers review the guidance to minimize memory safety weaknesses, make informed decisions, understand the risks in open-source software, evaluate methods to mitigate those risks and sustain efforts to push software developers to employ risk-reduction measures.
The initiative also aligns with the 2023 National Cybersecurity Strategy’s focus on prioritizing memory safety, fostering collaboration with the OSS community and developing memory-safe programming languages.