US Government Urges Developers to Ditch C and C++

The US government has issued a strong warning to developers to stop using memory-unsafe programming languages like C and C++. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have emphasized the risks of these languages, noting that over half of critical open-source projects use them.

According to CISA, memory-safe languages such as Rust, Java, C#, Go, Python, and Swift can mitigate this risk with built-in protections against common errors. However, transitioning from C or C++ to these newer languages is a daunting task due to the sheer cost and time involved.

Many developers who have spent years mastering C are hesitant to switch to Rust or other memory-safe alternatives. Some argue that they already write secure code in C, so why change? The issue is not just about old developers being resistant to change, but also about the significant migration costs involved.

Companies will need to invest time and resources into replacing existing development tools, debuggers, and testing frameworks, as well as integrating new programs with legacy code. CISA's deadline of January 1st, 2026, for companies to develop roadmaps for transitioning their codebases may be challenging to meet.

While the benefits of adopting memory-safe languages are undeniable, businesses are likely to prioritize short-term profits over long-term security improvements. As a result, widespread adoption of these newer languages is unlikely in the near future.

Source: https://www.theregister.com/2024/11/08/the_us_government_wants_developers