Fifty-two percent of 172 widely deployed critical open-source projects had memory-unsafe code or were not written in programming languages that curb memory-related errors, according to BleepingComputer.
Memory-unsafe languages were also used in 55% of total lines of code across all of the examined open-source projects, with Linux having the largest unsafe code ratio of 95%, a report from the Cybersecurity and Infrastructure Security Agency, FBI, Canadian Centre for Cyber Security, and the Australian Signals Directorate's Australian Cyber Security Centre. "We observed that many critical open source projects are partially written in memory-unsafe languages and limited dependency analysis indicates that projects inherit code written in memory-unsafe languages through dependencies," said CISA, which recommended an immediate transition to code written in Rust, GO, Java, and other memory-safe languages. Software developers have also been urged to bolster dependency management and auditing, as well as conduct continuous static and dynamic analyses on top of adhering to safe coding practices.
