United States
Australia
United Kingdom
Europe
New Zealand
Canada
The National Security Agency and the Cybersecurity and Infrastructure Security Agency are urging software makers to adopt memory-safe programming languages, publishing new joint guidance designed to curb a leading source of security flaws.
The Cybersecurity Information Sheet outlines how languages that enforce memory safety can block entire classes of bugs that attackers routinely exploit. The document explains that these languages build in guardrails—including automatic memory management, bounds checks and protections against data races—so developers don’t have to implement them by hand.
The guidance emphasizes practical migration paths. Rather than mandating wholesale rewrites, it recommends incremental adoption, interoperability with existing codebases, and targeted refactoring of high-risk components. For organizations that must continue using languages without built-in memory safety, the paper also describes ways to harden those environments and reduce exposure.
Beyond security, the agencies say teams can expect gains in reliability and developer productivity when they move to memory-safe tooling. The paper includes examples and case studies to illustrate the impact and tradeoffs.
The release targets a broad audience but singles out software producers that support National Security Systems and critical infrastructure, urging them to begin planning for memory-safe development as part of their long-term engineering roadmaps.
Memory safety issues have historically accounted for a large share of serious software vulnerabilities across the industry, contributing to breaches, crashes and service disruptions. The agencies frame language choice as a foundational control that can prevent these failures before they reach production.
The full report, Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development, is available on the Department of Defense website: http://media.defense.gov/2025/Jun/23/2003742198/-1/-1/0/CSI_MEMORY_SAFE_LANGUAGES_REDUCING_VULNERABILITIES_IN_MODERN_SOFTWARE_DEVELOPMENT.PDF
