FBI: Buffer overflows in software threat to security

The FBI and the U.S. cyber agency CISA are highly critical of software vendors whose products continue to contain buffer overflows. They say so in the recently released Secure by Design Alert.

Information Security Netherlands February 19, 2025

News press release

Memory-unsafe programming languages

"Buffer overflow vulnerabilities occur when attackers access or write information to the wrong part of computer memory, such as outside the memory buffer," state the FBI and CISA. In the worst case, this allows a malicious party to execute its own code on the system. According to the FBI and CISA, the use of memory-unsafe programming languages is an unacceptable risk to national and economic security.

Proven mitigations

"The software developer community has 20 years of extensive knowledge and effective solutions to buffer overflows. Unfortunately, many software vendors continue to expose customers to products with these vulnerabilities," said the FBI and CISA in the Secure by Design Alert. They call on software vendors to apply proven mitigations to prevent buffer overflows.
