An official website of the United States government
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Press Release | June 24, 2025

NSA and CISA Release CSI Highlighting Importance of Memory Safe Languages in Software Security

FORT MEADE, Md. - The National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Information Sheet (CSI) to highlight the importance of adopting memory safe languages (MSLs) in improving software security and reducing the risk of security incidents.
 
Memory safety affects all software development and is a critical aspect to a holistic approach to security. Adopting MSLs will directly improve software security for all.
 
The CSI, “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development,” details these various benefits of MSLs, citing several examples and case studies, and highlights the additional advantages that MSLs bring to reliability and productivity. Reducing memory-related vulnerabilities is critical and the consequences of not addressing memory safety vulnerabilities can be severe, including data breaches, system crashes, and operational disruptions.
 
MSLs incorporate built-in mechanisms, such as bounds checking, memory management, and data race prevention, to guard against various memory bugs and vulnerabilities. Without these safeguards, such weaknesses could be exploited by malicious actors. By embedding these safety features directly at the language level, MSLs prevent memory safety issues from the outset.
 
The authoring agencies urge organizations to consider whether adopting MSLs is practical for their circumstances, and provides adoption approaches and engineering considerations to ensure effective implementation of MSLs into their software. MSL adoption does not require existing code to be completely rewritten, and the report provides guidance to leverage interoperability to integrate with existing codebases. Further, the report also details ways non-MSLs can be made safer in cases where adopting an MSL is not practically feasible.
 
To strengthen national cybersecurity and reduce memory vulnerabilities, software producers, especially those for National Security Systems (NSS) and critical infrastructure, should utilize this guidance to plan for and begin using MSLs for their software systems.
 
Read the full report, “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development,” here.
 

Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations
MediaRelations@nsa.gov
443-634-0721

Related Documents

CSI: Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development
cybersecurity Cybersecurity Information Sheet CSI memory safe languages national security systems software producers memory safety
Hosted by Defense Media Activity - WEB.mil Veterans Crisis Line number. Dial 988 then Press 1