It Is Time to Standardize Principles and Practices for Software Memory Safety

Memory-safety vulnerabilities have constituted approximately two-thirds of critical security vulnerabilities in major software systems for over two decades, enabling widespread malware and targeted attacks. Strong memory-safety technologies have matured sufficiently for deployment, but lack standardized terminology and frameworks for implementation and procurement. Market failure and misaligned incentives have hindered adoption of memory-safe solutions, despite their potential to prevent catastrophic security breaches.