Python listed as memory-safe language in latest CISA recommendations

Published 2023-12-14 by Seth Larson
Reading time: 2 minutes

This critical role would not be possible without funding from the OpenSSF Alpha-Omega project. Massive thank-you to Alpha-Omega for investing in the security of the Python ecosystem!

Memory safety is clearly a top priority for software security: memory-safety bugs make up 70% of vulnerabilities in popular software like Chrome and Windows. The US Government RFI on open source security had a focus area on memory safety, and the Python Software Foundation provided a response to it; I was the primary author of the memory-safety portion.

The US government organization CISA (Cybersecurity and Infrastructure Security Agency) issued new recommendations this week regarding securing software products through memory safety. You can read the full information sheet here.

From the recommendation I have the following quote, emphasis mine:

“Recommended memory safe programming languages mentioned in the CSI include C#, Go, Java, Python, Rust, and Swift.”

This is awesome news for Python users! 🥳

More support will be needed to migrate Python's extensive packaging ecosystem from memory-unsafe languages to memory-safe languages. I've made recommendations on how best the US government can aid in that effort in the PSF's RFI response. My recommendations included:

You can see the current usage of memory-unsafe languages in Python projects in a previous article.

Other items

That's all for this week! 👋 If you're interested in more you can read next week's report or last week's report.


This work is licensed under CC BY-SA 4.0