The NSA calls for software developers to fix memory safety issues: Why should credit unions care?
by GREG CRANDELL, QUERY CONSULTING GROUP
Cybersecurity leaders and solution vendors have made progress developing and implementing solutions across enterprises to combat malware and the bad guys who deliver it. But blind spots remain, and they leave gaping holes in the security infrastructure everywhere, including at credit unions. The National Security Agency’s (NSA) recognition of one significant blind spot, software memory, focuses attention on the need for software developers to fix the “in-memory vulnerabilities” in almost all deployed software.
For the NSA, that guidance calls for a strategic shift: “Memory issues in software comprise a large portion of the exploitable vulnerabilities in existence. NSA advises organizations to consider making a strategic shift from programming languages that provide little or no inherent memory protection, to a memory safe language when possible. By using memory safe languages and available code hardening defenses, many memory vulnerabilities can be prevented, mitigated, or made very difficult for cyber actors to exploit,” the NSA concludes.
To see NSA’s detailed recommendations, go here NSA SOFTWARE MEMORY SAFETY.
Will software developers take heed and act? Can they? Given the billions of lines of code written and deployed, can we expect to see the NSA’s call to action prompt wholesale change? Probably not. Certainly not any time soon. And this means we all remain vulnerable to the significant risks in-memory software weaknesses expose us to.
So, if the NSA’s call to action is a “heavy lift”, why is it still impactful? And why should credit unions care?
Evaluate OnSystem Defender
Sign up to evaluate OnSystem Defender, and to identify and recommend enhancements.