The White House, CISA, NSA, FBI, and Cybersecurity Authorities from the Five Eyes push for memory-safe runtimes like .NET for IoT.
In software development, managing memory is similar to finding a parking spot in a crowded city. Legacy languages like C and C++, while powerful and versatile, leave the task of memory management—or “parking”—up to developers. This approach provides maximum flexibility, but without any built-in safety checks it is effectively the same as parking cars blindfolded and leaving them unlocked with the keys in the ignition.
This manual memory management is so complex that even seasoned developers struggle with it, and numerous tools such as linters and other static analysis utilities have been written to read and analyze code in search of these errors. And yet, even with those tools, major software companies such as Google and Microsoft have publicly stated that more than two-thirds of all security vulnerabilities they find in their applications are due to memory issues.
The security implications of this have not been lost on critical infrastructure and defense operators. Recognizing the potentially catastrophic impact of such vulnerabilities, the U.S. CISA, NSA, FBI, and International Cybersecurity Authorities (from the Five Eyes) posted strong guidance a few years ago urging developers to move away from these legacy platforms. They recommend adopting modern, memory-safe platforms such as .NET, Rust, and others.
More recently, possibly as a prelude to a mandate, the White House issued similar guidance, echoing the earlier CISA, NSA, FBI and International Cybersecurity Authorities whitepaper.
Self-parking is inherently dangerous.
In programming, the “self-park” approach refers to manual memory management, where developers allocate and free memory themselves. This method, while offering granular control, opens up avenues for security breaches. One of the most commonly exploited vulnerabilities is the buffer overflow, where a program writes data outside the bounds of the memory it allocated. Attackers can exploit this to inject malicious code into another application’s process, tricking that application, which might run with elevated privileges, into performing operations that give them access to the system, let them manipulate data, or even crash the system.
The valet approach is much safer.
On the other hand, modern programming languages and platforms such as C# and .NET take a “valet-parked” approach to managing memory. Instead of having direct access to parking spaces, programmers work with a virtual memory map that abstracts the underlying complexity of managing all the cars and parking and instead relies on the system to manage them. Developers simply hand their data to the valet, and the valet handles moving cars around to make space for big vehicles, makes sure that no cars are crashed into occupied spaces, and will periodically clean up abandoned cars, long forgotten by their owners.
Valet-parked, but still fast.
This approach means that every time a developer tries to allocate space for some set of data, the system makes sure it fits, and every time they try to access that data, the system makes sure they are accessing their own car and not someone else’s. Making these memory safety checks on every memory access would seem like it should slow program execution down. In reality, modern .NET applications are often just as performant as C/C++, thanks to optimizations in the runtime and to other innovations in these memory-safe platforms such as Ahead-of-Time (AOT) compilation, which removes much of the execution penalty by compiling managed code at build time into native output comparable to what a C/C++ compiler produces.
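The buffer overflow described under “Self-parking is inherently dangerous” and the per-access check described in the paragraph above can be made concrete in a few lines of C. The following is an added example, not code from Wilderness Labs, Meadow, or the .NET runtime: it emulates, in C, the “valet” bookkeeping a memory-safe runtime performs for you. The `checked_buf` type, its functions, and the 12-byte record are all constructed for this illustration. A .NET array carries its length alongside its data and the runtime compares every index against it; here that comparison is written out by hand so the effect is visible.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical "valet" buffer: the length travels with the data, the way a
 * .NET array does, so every access can be compared against it. A raw C
 * char[] carries no such information, which is why a plain memcpy or strcpy
 * will happily write past the end. */
typedef struct {
    uint8_t *data;
    size_t len;
} checked_buf;

/* Allocate a zeroed checked buffer; returns NULL if allocation fails. */
static checked_buf *checked_alloc(size_t len) {
    checked_buf *b = malloc(sizeof *b);
    if (b == NULL) return NULL;
    b->data = calloc(len == 0 ? 1 : len, 1);
    if (b->data == NULL) { free(b); return NULL; }
    b->len = len;
    return b;
}

static void checked_free(checked_buf *b) {
    if (b == NULL) return;
    free(b->data);
    free(b);
}

/* Write one byte. Any index at or past len is refused instead of spilling
 * into whatever happens to sit next to the buffer in memory. */
static bool checked_set(checked_buf *b, size_t idx, uint8_t v) {
    if (b == NULL || idx >= b->len) return false;
    b->data[idx] = v;
    return true;
}

/* Copy n bytes into dst. The whole copy is refused if it would not fit;
 * nothing is written partially. */
static bool checked_copy(checked_buf *dst, const uint8_t *src, size_t n) {
    if (dst == NULL || src == NULL || n > dst->len) return false;
    memcpy(dst->data, src, n);
    return true;
}

/* Demonstration: an 8-byte buffer receives a constructed 12-byte record.
 * Returns how many writes were rejected. With a raw uint8_t[8] and memcpy,
 * the same sequence would silently overwrite the four bytes past the end. */
size_t demo_rejected_writes(void) {
    uint8_t record[12];                 /* constructed input: 8 'A's then 4 'B's */
    memset(record, 'A', 8);
    memset(record + 8, 'B', 4);

    size_t rejected = 0;
    checked_buf *b = checked_alloc(8);
    if (b == NULL) return (size_t)-1;

    if (!checked_copy(b, record, sizeof record)) rejected++; /* 12 > 8: rejected */
    if (!checked_copy(b, record, 8)) rejected++;             /* fits: accepted */
    for (size_t i = 0; i < sizeof record; i++)               /* indices 8..11 rejected */
        if (!checked_set(b, i, record[i])) rejected++;

    checked_free(b);
    return rejected;                    /* 1 + 0 + 4 = 5 */
}

int main(void) {
    printf("rejected out-of-bounds writes: %zu\n", demo_rejected_writes());
    return 0;
}
```

The price of the check is one comparison per access, which is the cost the paragraph above says modern runtimes and AOT compilation largely hide; what it buys is that an oversized record produces a refused write and an error path rather than corrupted neighbouring memory.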
Moving forward towards a future of secure programming.
Delivering a memory safe approach to IoT development has been a driving force at Wilderness Labs with our Meadow platform, just as it was for us when we were building Xamarin. We believe that just because a field has been dominated by legacy codebases and platforms in the past, it doesn’t need to be in the future. And as we continue to push the boundaries of what’s possible with technology, especially in embedded systems, we know a secure approach to programming is critical. The advice from the White House is a timely reminder of the evolving landscape of cybersecurity threats and the need for robust security measures built directly into the platform runtime itself.
Embracing languages that feature automated memory management, like .NET, is not just about enhancing security; it’s about adopting a forward-thinking approach to software development. By reducing the burden on developers to manage memory manually, we not only secure our applications but also enable developers to focus on innovating.
Transitioning from traditional programming languages to modern, more secure counterparts offers a safer and more efficient method for managing our code. By adopting memory-safe programming languages we eliminate entire classes of vulnerabilities. As developers and leaders in IoT innovation, it’s our responsibility to ensure that our applications are not only powerful and efficient but also secure and resilient against the wide range of threats that pervade the modern world.