This is the government's strongest stance yet on software security, which puts manufacturers on notice: fix dangerous coding practices or risk being labeled as negligent.
Software manufacturers should build products in a manner that systematically prevents the introduction of memory safety vulnerabilities, such as by using a memory safe language or hardware capabilities that prevent memory safety vulnerabilities. Additionally, software manufacturers should publish a memory safety roadmap by January 1, 2026.
My interpretation is that smart pointers are allowed, as long it’s systematically enforced. Switching to a memory safe language is just one example.
From the original document:
My interpretation is that smart pointers are allowed, as long it’s systematically enforced. Switching to a memory safe language is just one example.