LOL, DoD mandated Ada for application development in the early 90s for precisely this reason and then dropped it several years later when it was apparent arbitrary standards like that are dumb. And now, in 2024, boatloads of Ada are still in production but there is a struggle to find maintainers at reasonable prices. So it rots.
The only time I’ve ever worked for the government was between undergrad and grad school and interned as a software QA engineer. It was astonishing how much utter chit code came out of the offices of Beltway bandits. Failing to check inputs, resulting in buffer overflows, etc. — and even back then, we understood that stuff quite well.
I’d have to think this document is a statement of, “we know we can’t afford to fix all the crap that’s out there, so let’s stop the bleeding now.”
The NSA first wrote/warned of this a few years ago.
The National Security Agency (NSA) published guidance today to help software developers and operators prevent and mitigate software memory safety issues, which account for a large portion of
www.nsa.gov
www.infoworld.com
