Skip to main content

The White House just warned against using these popular programming languages

A woman and a man sit together by a desk, using a graphics editing program on a computer.
Intel

Some of developers’ favorite programming languages cause the biggest security risk for systems that require the utmost safety, according to the White House.

The government sanctioned Office of the National Cyber Director (ONCD), recently released a report detailing that it is recommending that developers use various “memory-safe programming languages.” This list happens to exclude popular languages, such as C and C++, which have been deemed to have flaws in their memory safety that make them security risks.

As Tom’s Hardware points out, memory safety is the protection engrained within memory access that keeps bugs and vulnerabilities at bay. Such examples include the runtime error detection checks in Java, which is considered a memory-safe language. However, C and C++ have no safety checks and allow direct access to memory.

Several companies, including Microsoft and Google, have connected security vulnerabilities to memory safety issues with their systems. In 2019, Microsoft found that around 70% of security vulnerabilities were caused by memory safety issues. Google reported the same figure in 2020 in regard to bugs in its Chromium browser. Notably, Microsoft only recently expanded the compatibility of its own App Store to include developer use of languages such as C++.

With C and C++ being among the programming languages that don’t have built-in safety checks, the ONCD recommends against using them within large organizations, tech companies, and government entities. The advice coincides with President Joe Biden’s cybersecurity strategy to “secure the building blocks of cyberspace.”

Even so, the ONCD does not have an approved list of programming languages and has simply asked companies to use discernment with their software, while also opting for memory-safe hardware to minimize security issues. The closest these is to a sanctioned list is one devised by the National Security Agency (NSA) in 2022. The memory safe languages include:

  • Rust
  • Go
  • C#
  • Java
  • Swift
  • JavaScript
  • Ruby

Tom’s Hardware noted while these languages might past the test security-wise, many of them are not developer favorites. The publication added that the languages are in the top 20, but only four of them, C#, Java, Python, and JavaScript, are consistently popular with developers.

This report is a recommendation not, a rule. It will be interesting to see how companies and developers work with it as time goes on.

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
This AI cloned my voice using just three minutes of audio
acapela group voice cloning ad

There's a scene in Mission Impossible 3 that you might recall. In it, our hero Ethan Hunt (Tom Cruise) tackles the movie's villain, holds him at gunpoint, and forces him to read a bizarre series of sentences aloud.

"The pleasure of Busby's company is what I most enjoy," he reluctantly reads. "He put a tack on Miss Yancy's chair, and she called him a horrible boy. At the end of the month, he was flinging two kittens across the width of the room ..."

Read more
Here’s why Nvidia’s shots against AMD drivers just don’t add up
Three RTX 4080 cards sitting on a pink background.

Nvidia is no stranger to criticizing AMD, and more recently, Intel, as the three companies duke it out for the best graphics cards. Earlier this year, Nvidia jabbed at AMD for its drivers, claiming that optional or beta drivers (which AMD frequently releases) are "sub-par" and don't provide a "smooth user experience."

And Nvidia is at it again, shortly before AMD is set to release its new RX 7900 XTX graphics card.

Read more
Twitter profiles for businesses just got way more useful
A person's hands holding a smartphone as they browse Twitter on it.

Business accounts on Twitter now have a way to put their (fairly detailed) contact information front and center on their Twitter profiles.

On Thursday, the Twitter Business Twitter account announced via a tweet that the bird app's Location Spotlight feature will as of today be available globally, to "any professional."

Read more