Software Makers Encouraged to Stop Using C/C++ by 2026

The federal government is encouraging software manufacturers to ditch C/C++ and take other actions that could “reduce customer risk,” according to the Product Security Best Practices report. In particular, CISA and the FBI set a deadline of Jan. 1, 2026, for compliance with memory safety guidelines. The report covers guidelines and recommendations rather than mandatory rules, particularly for software manufacturers who work on critical infrastructure or national critical functions. The agencies specifically highlighted on-premises software,…

Millions of Apple Applications Were Vulnerable to CocoaPods Attack

Many macOS and iOS applications were open to a vulnerability in CocoaPods, an open-source dependency manager, E.V.A. Information Security revealed on July 1. The vulnerability has been patched since EVA first discovered it, and no attacks have occurred that are conclusively related to it. However, the case is interesting because the vulnerability stayed unnoticed for so long and highlighted how developers should be careful with open-source libraries. The vulnerability is a good reminder for developers…

White House Recommends Memory-Safe Programming Languages and Security-by-Design

A new White House report focuses on securing computing at the root of cyber attacks — in this case, reducing the attack surface with memory-safe programming languages like Python, Java and C# and promoting the creation of standardized measurements for software security. The report urges tech professionals to: Implement memory-safe programming languages. Develop and support new metrics for measuring hardware security. This report, titled Back to the Building Blocks: A Path Toward Secure and Measurable…
