US Government may require open source software to use memory safe languages

I’m not seeing “require” in this document. It looks like the document is proposing education and funding for memory safe projects here.

Please change this incorrect click bait title.<p>It’s a project to encourage their use. I have also heard about them being required in the future in government roles that are security sensitive which is quite reasonable.

&gt; As highlighted in the National Cybersecurity Strategy and its Implementation Plan Initiative 4.2.1, the ONCD has established an Open-Source Software Security Initiative (OS3I) to champion the adoption of memory safe programming languages and open-source software security.<p>This says nothing about &quot;requiring&quot; OSS to use memory safe languages. This headline is misleading.

&gt; In 2021, following the aftermath of the Log4Shell vulnerability<p>&gt; Supporting rewrites of critical open-source software components in memory safe languages<p>Let&#x27;s get everyone onto this Java thing I&#x27;ve been hearing so much about.

While I could see making this a requirement for USG usage, it seems like pretty big overreach outside of that. It would also interfere with the steady supply of 0days the NSA et. al. need.

What languages are memory safe? or are they avoiding to say Rust?

I&#x27;m going to change the license on my products to &quot;You are NOT allowed to use this. Don&#x27;t ask. Don&#x27;t use&quot;<p>It&#x27;s not like people are suddenly going to respect licenses.

Ha ha ha.<p>Plenty of OSS is created outside the USA. Good luck applying any such mandates.

Let them. The faster they put this in place, the faster they will learn the consequences of their incompetence.

Rust is memory safe if you chose to use it that way. So is c&#x2F;c++. Rust has no “defined behavior”, unlike c&#x2F;c++ which has clear defined behavior (via the standard).<p>Yes I jump to rust when it’s not mentioned… copium