Zero Trust assumes that a network has been breached and refocuses cybersecurity on apps, data and people, rather than hardening the network perimeter.
“Instead of being reactive to vulnerabilities, we should eliminate them proactively with secure languages, platforms, and frameworks that stop entire classes of bugs,” said Brewer and Lorenc.
“Preventing problems before they leave the developer’s keyboard is safer and more cost-effective than trying to fix vulnerabilities and their fallout.”
Biden appealed to the private sector at the White House cybersecurity summit on Wednesday, noting that the federal government alone couldn’t meet the challenge of protecting critical infrastructure from cyberattacks.
One of the papers discusses the security problems inherent to coding in the C programming language and the emergence of Rust.
“Secure languages and application frameworks can be used to impose a structure on software that enables high-confidence reasoning about its security, at scale,” Brewer wrote.
“But ensuring that this requirement is actually fulfilled for real-world C code is challenging, and often requires difficult reasoning about heap memory structure. Similarly, it is difficult to ensure correct validation and escaping for all data that flows into a web application’s HTML markup, since data often passes through several components on its way from inputs to outputs, such as through a storage schema.”
“In contrast, Rust has emerged as a practical alternative to C and C++ as a systems-development language, embodying a secure-by-construction stance on memory safety. Rust’s type system imposes an ownership discipline that ensures, for example, that freed memory cannot be accessed.”
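The two ideas in the quotes above, a type system that imposes a structure the compiler checks (so data cannot reach HTML output without passing through escaping) and an ownership discipline that stops a value from being used once it has been given away, can be shown in a few lines of Rust. The following is an added illustration, not code from the article or from Google’s papers; the names `SafeHtml`, `render` and `greet_page` are assumptions made for the example.

```rust
// Added example (not from the article or from the Google papers it quotes).
// Untrusted text can become HTML output only by passing through
// `SafeHtml::from_untrusted`, which escapes it, and `render` accepts only
// `SafeHtml`, so a forgotten escape is a compile error rather than a runtime
// injection bug. `from_untrusted` also takes the raw `String` by value: once
// it has been moved in, the unescaped form is no longer usable by the caller.

/// Markup that is safe to interpolate into an HTML document.
/// The field is private, so code outside this module cannot wrap a raw
/// string in `SafeHtml`; it must use one of the constructors below.
#[derive(Debug, Clone, PartialEq)]
pub struct SafeHtml(String);

impl SafeHtml {
    /// Escape the five characters that are significant in HTML text and
    /// attribute content. Ownership of `input` moves into this function.
    pub fn from_untrusted(input: String) -> SafeHtml {
        let mut out = String::with_capacity(input.len());
        for c in input.chars() {
            match c {
                '&' => out.push_str("&amp;"),
                '<' => out.push_str("&lt;"),
                '>' => out.push_str("&gt;"),
                '"' => out.push_str("&quot;"),
                '\'' => out.push_str("&#39;"),
                _ => out.push(c),
            }
        }
        SafeHtml(out)
    }

    /// Escape hatch for markup written by the developer. Requiring a
    /// `&'static str` means only string literals compiled into the binary
    /// qualify, never data read at run time.
    pub fn trusted_literal(literal: &'static str) -> SafeHtml {
        SafeHtml(literal.to_string())
    }

    pub fn as_str(&self) -> &str {
        &self.0
    }
}

/// The only sink that produces a page: it cannot be handed a raw `String`.
pub fn render(title: SafeHtml, body: SafeHtml) -> String {
    format!("<h1>{}</h1><p>{}</p>", title.as_str(), body.as_str())
}

/// Builds a greeting page from an attacker-controllable display name.
pub fn greet_page(user_supplied_name: String) -> String {
    let name = SafeHtml::from_untrusted(user_supplied_name);
    // `user_supplied_name` was moved into `from_untrusted`. Any later use of
    // it here, such as `render(..., SafeHtml(user_supplied_name))`, is rejected
    // by the compiler (use of a moved value), and outside this module the
    // private field would make that construction illegal anyway.
    render(SafeHtml::trusted_literal("Welcome"), name)
}

fn main() {
    // Constructed sample input imitating a hostile display name.
    let page = greet_page("<script>alert(1)</script>".to_string());
    println!("{page}");
}
```

The point is not the escaping routine itself but where the check lives: a reviewer no longer has to trace every path from input to output, because any path that skips `from_untrusted` fails to type-check. The same move semantics that make the raw string unusable after the call are what Rust’s ownership rules use to keep freed memory from being touched.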
To that end, Google is backing a plan to get Rust into the Linux kernel as a second language alongside C. Lorenc and Brewer argue that software bugs should be limited from the outset, rather than merely reacting to new vulnerabilities as they surface. Microsoft and Amazon Web Services are also backing Rust as a memory-safe alternative to C and C++ for systems programming.
Google also offered its opinion on the idea of a software bill of materials (SBOM) as part of the official US response to software supply chain attacks. The Linux Foundation is contributing this aspect of Biden’s order. It’s a complex problem to solve in both open-source and proprietary software because of the vast number of library dependencies used in modern programs.
“SBOMs need a reasonable signal-to-noise ratio: if they contain too much information, they won’t be useful, so we urge the NTIA [National Telecommunications and Information Administration] to establish both minimum and maximum requirements on granularity and depth for specific use-cases,” Google said.