CISA, FBI publish secure by design alert on memory safety offering steps to boost product security

The Cybersecurity and Infrastructure Security Agency and the FBI are providing guidance on eliminating a subset of memory safety vulnerabilities, in the latest installment of a series on implementing secure by design principles.

“Despite the existence of well-documented, effective mitigations for buffer overflow vulnerabilities, many manufacturers continue to use unsafe software development practices that allow these vulnerabilities to persist. For these reasons--as well as the damage exploitation of these defects can cause--CISA, FBI, and others designate buffer overflow vulnerabilities as...