Memory safety vulnerabilities pose a significant challenge to software security, and Google is actively addressing this issue through a strategy known as Safe Coding. This approach emphasizes the transition to memory-safe programming languages as a means to reduce vulnerabilities at their source. The blog post, authored by Jeff Vander Stoep and Alex Rebert, outlines the rationale behind this strategy and presents data demonstrating its effectiveness, particularly in the context of Android development. The authors highlight that focusing on Safe Coding for new code can lead to a surprising reduction in overall security risks, even as the amount of memory-unsafe code increases. This counterintuitive outcome is attributed to the nature of vulnerabilities, which tend to decay over time. Research indicates that most vulnerabilities are found in new or recently modified code, suggesting that by prioritizing memory-safe languages for new features, the overall density of vulnerabilities can decrease significantly. The blog provides a detailed analysis of the transition that the Android team began around 2019, driven by the rising costs and complexities associated with managing memory safety vulnerabilities. Over a six-year period, the percentage of memory safety vulnerabilities in Android dropped from 76% to 24%, a notable improvement that aligns with the shift towards memory-safe languages. The authors discuss the evolution of strategies to combat memory safety vulnerabilities, categorizing them into four generations. The first generation focused on reactive patching, which proved costly and insufficient. The second generation involved proactive mitigations, which raised the cost of exploitation but also imposed performance overhead. The third generation emphasized proactive vulnerability discovery through tools like sanitizers and fuzzing, yet these methods often addressed symptoms rather than root causes. The fourth generation, which Google is now pursuing, centers on high-assurance prevention through Safe Coding. This approach integrates security directly into the development process, leveraging language features and static analysis to create a secure-by-design ecosystem. By establishing a baseline of security through memory-safe languages, the goal is to reduce vulnerability density and improve overall software quality. The blog also emphasizes the importance of interoperability between memory-safe and memory-unsafe languages, allowing for a gradual transition without the need to rewrite existing code. Google has invested in tools and initiatives to facilitate this interoperability, such as grants to the Rust Foundation and the development of interoperability tooling. As Safe Coding continues to reduce risks, the authors anticipate a shift in the reliance on traditional mitigations and detection methods. They expect that as more code transitions to memory-safe languages, the need for exploit mitigations will decrease, leading to more efficient software. Additionally, proactive detection methods like fuzzing may become more effective as they can be applied to smaller, well-encapsulated code segments. In conclusion, the blog post underscores the importance of adopting Safe Coding practices to combat memory safety vulnerabilities effectively. By focusing on prevention and leveraging the natural decay of vulnerabilities, Google aims to enhance the security of its software products, particularly within the Android ecosystem. The commitment to secure-by-design principles is expected to yield long-term benefits in reducing vulnerabilities and improving overall software safety.

The Safe C++ Extensions proposal, recently published by the C++ community, aims to address the challenge of ensuring that C++ code is free of memory safety bugs. Private and public sector organizations have been pushing programmers to write new applications and rewrite old ones in memory safe languages over the past two years. The majority of serious vulnerabilities in large codebases come from memory safety flaws. The Safe C++ project adds new technology for ensuring memory safety, preventing users from writing unsafe code. It allows existing code to work as always and ensures stakeholders have control for incrementally opting into safety.

Memory safety vulnerabilities pose a significant challenge to software security, and Google is actively addressing this issue through a strategy known as Safe Coding. This approach emphasizes the transition to memory-safe programming languages as a means to reduce vulnerabilities at their source. The belief is that by focusing on Safe Coding for new code, the overall security risk of a codebase can be significantly diminished, leading to a notable decline in memory safety vulnerabilities. The blog post highlights a remarkable statistic: the percentage of memory safety vulnerabilities in Android has decreased from 76% to 24% over a six-year period, coinciding with a shift towards memory-safe languages. This transition is not just a theoretical exercise; it has practical implications that can be observed in the Android codebase. A key insight shared is the counterintuitive nature of the results. As new development increasingly incorporates memory-safe languages, the overall number of memory safety vulnerabilities declines, even as the amount of memory-unsafe code grows. This phenomenon can be explained by the concept of vulnerability decay, where vulnerabilities tend to reside in newer or recently modified code. As older code matures, it becomes less prone to vulnerabilities, leading to an overall reduction in risk. The Android team began prioritizing memory-safe languages around 2019, driven by the rising costs and complexities associated with managing memory safety vulnerabilities. The results have been promising, with a continued decline in memory safety vulnerabilities observed in 2024. This decline is attributed to the correlation between the programming languages used for new code and the prevalence of memory safety issues. The blog also outlines the evolution of strategies to combat memory safety vulnerabilities over the years. The first generation focused on reactive patching, which proved costly and insufficient. The second generation introduced proactive mitigations, but these often came with performance overhead and did not fully address the root causes. The third generation emphasized proactive vulnerability discovery, yet still fell short of providing high assurance. The fourth generation, which Google is now embracing, is centered around high-assurance prevention through Safe Coding. This approach integrates security directly into the development process, allowing for continuous assurance and reducing the likelihood of introducing vulnerabilities. By leveraging memory-safe languages and focusing on secure-by-design practices, Google aims to break the cycle of constant vulnerability management and instead foster a more secure development environment. Interoperability is highlighted as a crucial aspect of this transition. Rather than discarding existing memory-unsafe code, Google is working on making interoperability between memory-safe and unsafe languages seamless. This strategy allows for incremental improvements while capitalizing on existing code investments. As Safe Coding continues to reduce risks, the reliance on previous generations of security measures is expected to diminish. The focus will shift towards more selective use of mitigations and enhanced effectiveness of proactive detection methods. In conclusion, the adoption of Safe Coding represents a paradigm shift in how software security is approached. By prioritizing memory-safe languages and integrating security into the development lifecycle, Google is not only addressing current vulnerabilities but also setting a foundation for a more secure future in software development. The ongoing efforts and results from the Android team serve as a testament to the effectiveness of this strategy, with further insights and developments anticipated in the coming months.

Google has published a whitepaper that outlines its "Secure by Design" approach, which advocates for the adoption of languages like Java, Go, and Rust to achieve high-assurance memory safety. Google has a massive C++ codebase. It will gradually adopt memory-safe languages for new code while seeking safety improvements for existing C++.

Strong types in programming languages like C++ and Rust, which enforce specific data types and rules for variables, lead to fewer bugs, more expressive APIs, and potentially better performance. They prevent invalid input, improve code clarity, and reduce the need for repetitive error checking (like in JavaScript with undefined).

Java is evolving to incorporate concepts popularized by Rust, such as immutable data structures by default and algebraic data types. These changes were inspired by Rust's emphasis on compile-time safety guarantees. Developers can now define immutable records in Java. Java's new sealed interfaces and exhaustive switch syntax enable the use of algebraic data types so that code handles all possible states of a variable in a type-safe manner.

Patching globals, or modifying existing APIs in a language, can lead to maintenance issues, unpredictable behavior due to conflicting implementations, vendor lock-in, and even slow down the progress of the language itself. These issues arise because patched globals are essentially modifications to code that you don't own, making them difficult to manage and predict. There are often better, more explicit solutions to API design challenges that avoid these issues.

Solana's program security is critical to ensuring applications behave as intended, affecting performance, scalability, and interoperability. As such, developers must understand potential attack vectors and vulnerabilities such as logic bugs, data validation flaws, and access control vulnerabilities and employ strategies like rigorous testing and code auditing to mitigate risks. This comprehensive guide delves into common vulnerabilities developers might face, offering insights and mitigation strategies to safeguard Solana programs against exploits.

Invalid states can lead to runtime errors and less reliable code. However, by shrinking the gap between representable, valid states, errors can be moved from runtime to compile time, which allows them to get caught much earlier. Type systems can and should be used to model business logic that makes invalid states impossible and unrepresentable. This article goes through a few examples, such as a “Color” type that prevents invalid colors.

Programmers should embrace a mindset of skepticism and constant verification, as trusting abstractions can lead to unexpected problems. Abstractions, while necessary for efficient thinking, are often leaky and can fail in unpredictable ways, so it's important to understand the underlying mechanisms. That's why "trust, but verify” is necessary when working on a project with a lot of abstractions.

Functional programming languages should embrace mutation more effectively, as current approaches have significant drawbacks. This author critiques existing options, including allowing unrestricted mutation, limiting mutation to specific regions, and using linearity. A fundamentally new approach that addresses the shortcomings of current methods and integrates well with existing state management solutions is needed.

June is a new systems programming language that aims to be easier to learn and use than Rust. It simplifies memory management using grouped allocations, so related data shares a single lifetime rather than tracking individual lifetimes as in Rust.

In programming languages, failures are systemic limitations that come from constraints and might be recoverable. Mistakes are code-based errors that violate program logic and usually need safe termination. Failures and mistakes should be handled differently by software.

Meta has released two language models that can compile code to assembly and decompile to LLVM IR. They were trained on 546 Billion tokens of high-quality data then further instruction tuned. They are able to achieve 77% of optimized assembly performance and have 45% round trip disassembly performance.

Undefined behavior (UB) in C code allows compilers to optimize code based on the assumption that no UB exists, potentially removing conditions or altering program flow. However, the handling differs between compilers if the compiler statically detects UB, like division by zero: GCC tends to crash the program, while Clang may ignore the undefined code or continue compiling, potentially leading to unexpected results later. This differing behavior is due to different philosophies - LLVM aims for more lenient handling to match developer expectations, while GCC takes a more conservative approach.

Quick and dirty caches, while imperfect, can be valuable tools for quickly improving software performance, especially in constrained environments, as long as developers are aware of their limitations and trade-offs.

Socket Security protects applications from hidden malware in open source code. It goes beyond traditional scanners to find new threats and integrates with GitHub for developer fixes.

The most fundamental goal of software design is to make code understandable. Understandable code is needed for correctness, security, and performance, as a lack of understanding leads to defects, security issues, and misguided performance optimizations. Focusing on understandability means making the code itself readable and providing supporting documentation to clarify complex concepts or system architecture.