Back to the Building Blocks: A Path Toward Secure and Measurable Software
The Biden Administration’s National Cybersecurity Strategy presents a two-fold approach to improving cybersecurity. First, to minimize the vulnerability of data, creators of software and hardware must take greater care to secure the foundation of their work. This involves keeping better records of exposures and weaknesses and opting for hardware and software with greater “memory safety”. For software, this means moving toward memory-safe languages, a property that C and C++ notably lack despite their popularity. For hardware, it means implementing extensions on the chip that give the processor further information about the pointers in memory, which can help prevent bugs and vulnerabilities.

Second, it is necessary to make progress on measuring the security of software. By formulating a metric that indicates the cybersecurity quality of software, many actors would be able to make more informed decisions. At the market scale, producers and consumers would have an interest in optimizing the security of the software they create and use, respectively. Zooming in, the burden of considering cybersecurity could be distributed more widely throughout a company: not only those producing software, but also those purchasing or using code, could more easily weigh the security of their actions, improving the overall security of their organization.