{"id":329611,"date":"2024-02-29T16:37:00","date_gmt":"2024-02-29T16:37:00","guid":{"rendered":"http:\/\/itteacheritfreelance.hk\/wordpress\/?guid=e0e60ae505a1a892f0134b87a250f360"},"modified":"2024-02-29T16:37:00","modified_gmt":"2024-02-29T16:37:00","slug":"white-house-recommends-use-of-memory-safe-languages-like-python","status":"publish","type":"post","link":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/2024\/02\/29\/white-house-recommends-use-of-memory-safe-languages-like-python\/","title":{"rendered":"White House recommends use of memory-safe languages like Python"},"content":{"rendered":"<p>Earlier this week the White House <a href=\"https:\/\/www.whitehouse.gov\/oncd\/briefing-room\/2024\/02\/26\/press-release-technical-report\/\">published a report<\/a> recommending the use of 
memory-safe programming languages to eliminate an entire class of vulnerabilities affecting software. The report quotes claims from large software producers like Google and Microsoft, which estimate that <b>70% of vulnerabilities affecting software are due to memory-safety issues.<\/b><\/p>\n<p>Back in December of 2023, the Cybersecurity and Infrastructure Security Agency (CISA) <a href=\"https:\/\/www.nsa.gov\/Press-Room\/Press-Releases-Statements\/Press-Release-View\/Article\/3608324\/us-and-international-partners-issue-recommendations-to-secure-software-products\/\">published a report<\/a> that included a list of memory-safe programming languages, <b>among them the Python programming language<\/b>.<\/p>\n<p>The Python Software Foundation\u2019s <a href=\"https:\/\/www.regulations.gov\/comment\/ONCD-2023-0002-0107\">response to the US Government&#8217;s Request for Information<\/a> noted Python&#8217;s memory safety and ability to wrap code written in C, C++, and Rust, among other systems languages. Part of Python\u2019s popularity stems from the large number of community-maintained packages using this feature for performance, wrapping existing libraries, and low-level API access.<\/p>\n<p><a href=\"https:\/\/github.com\/pyca\/cryptography\">Cryptography<\/a> is one of the most depended-on Python libraries for cryptographic primitives, installed nearly 10 million times per day. <a href=\"https:\/\/mail.python.org\/pipermail\/cryptography-dev\/2020-December\/000998.html\">Cryptography started migrating from using C to Rust<\/a> for security reasons in 2020 and made the first release with Rust binary extensions in 2021. 
You can listen to maintainers Paul Kehrer and Alex Gaynor <a href=\"https:\/\/www.youtube.com\/watch?v=z_Eiy2W0APU\">discuss this non-trivial migration in their PyCon 2022 talk<\/a>.<\/p>\n<p>The migration of the cryptography library included tools like <a href=\"https:\/\/pyo3.rs\/\">PyO3<\/a> and <a href=\"https:\/\/github.com\/PyO3\/setuptools-rust\">setuptools-rust<\/a> that enable easier adoption of Rust binary extensions. There\u2019s already plenty of buzz for using Rust and Python together, and the adoption of Rust in Python packages is <b><a href=\"https:\/\/sethmlarson.dev\/security-developer-in-residence-weekly-report-18#querying-the-dataset\">steadily increasing<\/a> from the single digits in 2020 to today with hundreds of packages using Rust.<\/b><\/p>\n<p>There are many opportunities to learn about writing Python binary extensions using Rust. For example, at <a href=\"https:\/\/us.pycon.org\/2024\">PyCon US 2024<\/a> there will be a <a href=\"https:\/\/us.pycon.org\/2024\/schedule\/presentation\/113\/\">tutorial about getting started with PyO3<\/a> and a <a href=\"https:\/\/us.pycon.org\/2024\/schedule\/presentation\/89\/\">talk on PyO3 and maturin<\/a>, a <a href=\"https:\/\/github.com\/PyO3\/maturin\">PEP 517 build backend for Rust<\/a>, by a maintainer of the PyO3 project.<\/p>\n<p>Historically, Python binary extensions were built mostly using C and C++, meaning there are many projects that, for reasons like backwards compatibility or lack of resources and time, cannot or do not want to migrate to Rust. For these projects, the use of compiler options can harden binaries against some memory safety issues. 
The OpenSSF Best Practices working group has <a href=\"https:\/\/best.openssf.org\/Compiler-Hardening-Guides\/Compiler-Options-Hardening-Guide-for-C-and-C++\">published a list of compiler options<\/a> to consider adopting in order to harden builds of C and C++ code.<\/p>\n<p>There is still much work to be done to secure the Python ecosystem and it can\u2019t be done without our amazing community of contributors and maintainers. We look forward to more investment in this area as part of the industries\u2019 adoption of memory-safe programming languages. If you are interested in being part of conversations around improving security in Python, we invite you to open a thread on <a href=\"https:\/\/discuss.python.org\/\">discuss.python.org<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<div 
class=\"mh-excerpt\"><p>Earlier this week the White House published a report recommending the use of memory-safe programming languages to eliminate an entire class of vulnerabilities affecting software. The report quotes claims from large software producers like Google and Mi&#8230;<\/p>\n<\/div>","protected":false},"author":2051,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"slim_seo":{"title":"White House recommends use of memory-safe languages like Python - ITTeacherITFreelance.hk","description":"Earlier this week the White House published a report recommending the use of memory-safe programming languages to eliminate an entire class of vulnerabilities a"},"footnotes":""},"categories":[10700],"tags":[],"_links":{"self":[{"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/329611"}],"collection":[{"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/users\/2051"}],"replies":[{"embeddable":true,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/comments?post=329611"}],"version-history":[{"count":1,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/329611\/revisions"}],"predecessor-version":[{"id":329612,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/329611\/revisions\/329612"}],"wp:attachment":[{"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/media?parent=329611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/categories?post=329611"},{"taxonomy":"post_tag","embeddable":tru
e,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/tags?post=329611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}