The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws.

  • onlinepersona@programming.dev
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    5
    ·
    5 months ago

    First of all, yes CVE generating languages have been here a while, unfortunately. They are very ingrained and difficult to root out.

    But most importantly

    Ultimately, CISA recommends that software developers write new code in memory-safe languages such as Rust, Java, and GO and transition existing projects, especially critical components, to those languages.

    Fucking pay them or write them yourselves. Y’all have endless money. You can of course wait and hope the situation resolves itself, or really it along if you rely on it so much.

    Anti Commercial-AI license

    • BrikoX@lemmy.zipOPM
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      5 months ago

      Fucking pay them or write them yourselves.

      This. Refactoring the whole code is insanely time intensive, even if developers know multiple languages. All these critical components you rely on, you use without any compensation or support and then dare to complain it’s not to your security standards. Fix it, or pay for it to be fixed.

      • cybersin@lemm.ee
        link
        fedilink
        English
        arrow-up
        6
        ·
        5 months ago

        What do you mean? We have our summer intern rewriting the entire Linux kernel in Rust with the help of ChatGPT. They are set to submit the PR by Friday night.

        /s

  • cmnybo
    link
    fedilink
    English
    arrow-up
    7
    ·
    5 months ago

    Rewriting something in rust could create more vulnerabilities. You would be throwing away your well tested code and starting over from scratch in a language you may be less familiar with. A memory safe language doesn’t protect against everything.