
new SHOULD badging criteria in gold for memory-safe language usage? #2160

Open

TonyLHansen opened this issue Aug 28, 2024 · 2 comments

@TonyLHansen (Contributor)

There are some reports recently (June 2024 and Dec 2023) published on memory safe code by Cybersecurity and Infrastructure Security Agency (CISA), and others:

joint-guidance-exploring-memory-safety-in-critical-open-source-projects-508c.pdf,
The-Case-for-Memory-Safe-Roadmaps-508c.pdf

Should we have some information on memory safe languages as part of the badging criteria?

One possibility would be the addition of a gold-level SHOULD question asking if a memory safe language is being used.

@david-a-wheeler (Collaborator)

We definitely want to encourage the use of memory-safe languages, but mandating them seems too far. Even for gold.

In particular, today trying to create a performant kernel in a language other than C or C++ is applied research. There have been commercial-grade operating systems written in Ada (Biin), PL/1 (e.g., CP/M), and Lisp (Symbolics), but that's not something that's normally been done in the last 20 years. The Linux kernel developers are working to make it possible to write device drivers in Rust, and there are definitely discussions on doing more. I think they will eventually succeed. However, this effort is resulting in changes to the Rust language and implementation, which means it's an effort in transition. So it's challenging to do in some cases. This would make gold unattainable for practical kernels & many other IoT devices.

The costs also make this very hard. I did a quick estimate of the costs to rewrite all C and C++ code, and came up with about $2.4 trillion (USD). I don't have that in my back pocket.

Don't get me wrong, I think it's good to encourage memory-safe languages. I'm not sure this is the right way to do it, though, at least at the "gold" level.

If we want to put it in a level at all, there's possible variation. We had discussed creating a fourth "platinum" level where there is 100% review of all changes. I could see "use memory-safe language" in the platinum level, if we were going to do that. Then "platinum" would have multiple criteria & they'd be plausible in some circumstances.

@TonyLHansen (Contributor, Author)

This is why I said "SHOULD" and not "MUST". It'd be a recommendation and not a mandate.

And yes, all of the SHOULDs in the current gold level are fodder for MUSTs in a hypothetical platinum level.
