| dc.contributor.author | Watson, Robert | |
| dc.contributor.author | Baldwin, John | |
| dc.contributor.author | Chen, Tony | |
| dc.contributor.author | Chisnall, David | |
| dc.contributor.author | Clarke, Jessica | |
| dc.contributor.author | Davis, Brooks | |
| dc.contributor.author | Filardo, Nathaniel | |
| dc.contributor.author | Gutstein, Brett | |
| dc.contributor.author | Jenkinson, Graeme | |
| dc.contributor.author | Laurie, Ben | |
| dc.contributor.author | Mazzinghi, Alfredo | |
| dc.contributor.author | Moore, Simon | |
| dc.contributor.author | Neumann, Peter | |
| dc.contributor.author | Okhravi, Hamed | |
| dc.contributor.author | Rebert, Alex | |
| dc.contributor.author | Richardson, Alex | |
| dc.contributor.author | Sewell, Peter | |
| dc.contributor.author | Tratt, Laurence | |
| dc.contributor.author | Vijayaraghavan, Muralidaran | |
| dc.contributor.author | Vincent, Hugo | |
| dc.contributor.author | Witaszczyk, Konrad | |
| dc.date.accessioned | 2025-02-18T18:31:32Z | |
| dc.date.available | 2025-02-18T18:31:32Z | |
| dc.date.issued | 2025-02-01 | |
| dc.identifier.issn | 0001-0782 | |
| dc.identifier.uri | https://hdl.handle.net/1721.1/158237 | |
| dc.description.abstract | In this Inside Risks column, we explore memory-safety standardization, which we argue is an essential step to promoting universal strong memory safety in government and industry, and, in turn, to ensure access to more secure software for all. During the last two decades, a set of research technologies for strong memory safety—memory-safe languages, hardware and software protection, formal approaches, and software compartmentalization—have reached sufficient maturity to see early deployment in security-critical use cases. However, there remains no shared, technology-neutral terminology or framework with which to specify memory-safety requirements. This is needed to enable reliable specification, design, implementation, auditing, and procurement of strongly memory-safe systems. Failure to speak in a common language makes it difficult to understand the possibilities or communicate accurately with each other, limiting perceived benefits and hence actual demand. The lack of such a framework also acts as an impediment to potential future policy interventions, and as an impediment to stating requirements to address observed market failures preventing adoption of these technologies. Standardization would also play a critical role in improving industrial best practice, another key aspect of adoption. | en_US |
| dc.publisher | Association for Computing Machinery | en_US |
| dc.relation.isversionof | https://doi.org/10.1145/3708553 | en_US |
| dc.rights | Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use. | en_US |
| dc.source | Association for Computing Machinery | en_US |
| dc.title | It Is Time to Standardize Principles and Practices for Software Memory Safety | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Watson, Robert, Baldwin, John, Chen, Tony, Chisnall, David, Clarke, Jessica et al. 2025. "It Is Time to Standardize Principles and Practices for Software Memory Safety." Communications of the ACM, 68 (2). | |
| dc.contributor.department | Lincoln Laboratory | |
| dc.relation.journal | Communications of the ACM | en_US |
| dc.identifier.mitlicense | PUBLISHER_POLICY | |
| dc.eprint.version | Final published version | en_US |
| dc.type.uri | http://purl.org/eprint/type/JournalItem | en_US |
| eprint.status | http://purl.org/eprint/status/NonPeerReviewed | en_US |
| dc.date.updated | 2025-02-01T08:58:19Z | |
| dc.language.rfc3066 | en | |
| dc.rights.holder | The author(s) | |
| dspace.date.submission | 2025-02-01T08:58:20Z | |
| mit.journal.volume | 68 | en_US |
| mit.journal.issue | 2 | en_US |
| mit.license | PUBLISHER_POLICY | |
| mit.metadata.status | Authority Work and Publication Information Needed | en_US |
