The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly issued a security alert categorizing buffer overflow vulnerabilities as 'unforgivable defects' and urging software developers to prioritize secure coding practices to mitigate these risks. The agencies emphasize that these vulnerabilities, which allow attackers to exploit software flaws and gain unauthorized access to systems, are preventable if developers adopt modern and secure coding techniques.
US authorities have labelled buffer overflow vulnerabilities 'unforgivable defects', pointed to the presence of the holes in products from the likes of Microsoft and VMware, and urged all software developers to adopt secure-by-design practices to avoid creating more of them. Buffer overflow vulnerabilities occur when software unexpectedly writes more data to memory storage than has been allocated for that data. The extra information spills into other memory, altering it.
Attackers can feed carefully crafted data into software with these bugs to hijack the flow of the program so that it does what they want, or simply crash it.

The FBI and Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) labelled such memory safety flaws "unforgivable" because they are avoidable if developers stop using outdated and unsafe coding practices and languages. 'CISA and the FBI maintain that the use of unsafe software development practices that allow the persistence of buffer overflow vulnerabilities — especially the use of memory-unsafe programming languages — poses unacceptable risk to our national and economic security,' the two government agencies wrote in their joint security alert.

Both agencies understand that rewriting entire codebases in memory-safe languages will require 'significant effort,' and as such recommend manufacturers implement a phased transition plan. While making this shift, 'manufacturers should also consider leveraging technologies to limit memory safety vulnerabilities in their existing code bases,' CISA and the FBI note.

The government also urged software developers to 'conduct aggressive adversarial product testing, including static analysis, fuzzing, and manual reviews' throughout the entire development lifecycle.
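The mechanism described above, as an added example that is not part of the alert or of the article: a C model of a stack frame in which a 16-byte name buffer sits directly in front of the slot holding the saved return address. A strcpy-style copy with no length check spills the tail of an over-long input into that slot, which is exactly the control-flow hijack the agencies are talking about; the size-aware copy next to it refuses the same input. The frame layout, the return-address value 0x400a20 and the attacker string are all constructed for the demonstration, and the frame is kept as one flat byte array so the overflow is deterministic rather than undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame: a 16-byte name buffer immediately
 * followed by an 8-byte slot standing in for the saved return address.
 * It is one flat byte array so the overflow below stays ordinary in-bounds
 * array access (deterministic, no undefined behaviour) while showing exactly
 * where the spilled bytes land. */
#define NAME_LEN 16u
#define RET_LEN 8u
#define FRAME_LEN (NAME_LEN + RET_LEN)

struct frame {
    unsigned char bytes[FRAME_LEN];
};

#define CONSTRUCTED_RET 0x400a20ULL   /* made-up return address for the demo */

void frame_init(struct frame *f) {
    uint64_t ret = CONSTRUCTED_RET;
    memset(f->bytes, 0, FRAME_LEN);
    memcpy(f->bytes + NAME_LEN, &ret, RET_LEN);
}

/* The saved return address as the CPU would read it back (native byte order). */
uint64_t frame_return_address(const struct frame *f) {
    uint64_t ret;
    memcpy(&ret, f->bytes + NAME_LEN, RET_LEN);
    return ret;
}

/* Raw byte k (0..7) of the return-address slot, for byte-by-byte inspection. */
unsigned char frame_return_byte(const struct frame *f, unsigned k) {
    return f->bytes[NAME_LEN + (k % RET_LEN)];
}

/* VULNERABLE: the same contract as strcpy(name, src). It keeps copying until
 * it meets the NUL terminator and never asks how large the destination is,
 * so bytes 16.. of a long input overwrite whatever follows the buffer.
 * Returns the number of bytes written, NUL included. */
size_t copy_name_unchecked(struct frame *f, const char *src) {
    size_t i = 0;
    do {
        f->bytes[i] = (unsigned char)src[i];
    } while (src[i++] != '\0');
    return i;
}

/* HARDENED: the destination size is part of the contract, an input that does
 * not fit (NUL included) is rejected outright instead of silently truncated,
 * and nothing outside the 16-byte buffer is ever touched.
 * Returns 0 on success, -1 if src is too long. */
int copy_name_checked(struct frame *f, const char *src) {
    size_t n = 0;
    while (n < NAME_LEN && src[n] != '\0')
        n++;
    if (n == NAME_LEN)              /* no terminator within the buffer's capacity */
        return -1;
    memcpy(f->bytes, src, n + 1);   /* n data bytes plus the NUL */
    return 0;
}

/* Constructed attacker input: 16 filler bytes fill the buffer exactly; the
 * next 7 bytes plus the terminating NUL land on the saved return address. */
static const char ATTACK[] = "AAAAAAAAAAAAAAAA" "BBBBBBB";

int main(void) {
    struct frame f;
    int rc;

    frame_init(&f);
    copy_name_unchecked(&f, ATTACK);
    printf("unchecked copy: return address now 0x%016llx (was 0x%llx)\n",
           (unsigned long long)frame_return_address(&f),
           (unsigned long long)CONSTRUCTED_RET);

    frame_init(&f);
    rc = copy_name_checked(&f, ATTACK);
    printf("checked copy:   rc=%d, return address still 0x%llx\n",
           rc, (unsigned long long)frame_return_address(&f));
    return 0;
}
```

On a real stack the bytes after the buffer are the saved frame pointer and return address, so the seven 'B's become the address the function returns to; the attacker only has to choose them. The checked variant is what the alert's "phased" advice looks like at the level of one function: the buffer size travels with the buffer, and over-long input is an error rather than a write. A fuzzer handing `copy_name_unchecked` random strings, or a static analyser flagging the unbounded copy, would surface the first function; neither is needed to see the problem in the second.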