Considering C, C++, and other memory-unsafe languages contributing to potential security breaches, the federal government is encouraging software manufacturers to ditch C/C++ and take other actions that could “reduce customer risk. According to the Product Security Best Practices report, CISA and the FBI have set a deadline of Jan. 1, 2026, for compliance with memory safety guidelines.
The software industry is increasingly moving away from the use of C and C++ for new development projects, with a target to transition by 2026. This shift is due to the inherent security risks and memory management issues commonly associated with these languages, which have been challenging to safeguard, even with advances in modern coding practices. Languages like Rust and Go, which offer memory safety and improved reliability, are becoming preferred choices for systems programming.
Memory safety has been a topic of discussion since at least 2019. The report describes memory-unsafe languages as dangerous and significantly elevates risk to national security. Development in memory-unsafe languages is the first practice the report mentions.
According to the report, languages like C and C++ provide a lot of freedom and flexibility in memory management while relying heavily on the programmer to perform the needed checks on memory references.
With Rust, for instance, memory safety issues are reduced through its strict compiler rules, making it a suitable replacement for tasks traditionally handled by C and C++. As organizations prioritize security and performance, they are embracing these newer languages for systems-level programming and critical applications, which could drastically reduce software vulnerabilities globally.
By 2026, this industry-wide shift could set new standards in software development, where safety, reliability, and efficiency take precedence, thus marking a significant transformation in how low-level programming is approached.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.