Ryan Daws is a senior editor at TechForge Media.
Google has unveiled compelling data highlighting the efficacy of its “Safe Coding” approach in reducing memory safety vulnerabilities.
The tech giant’s strategy, which prioritises the use of memory-safe programming languages for new code development, has yielded impressive results. Most notably, Android has seen a sharp decline in memory safety vulnerabilities, plummeting from 76% of all vulnerabilities in 2019 to just 24% in 2024.
This reduction is particularly significant given that the industry norm for memory safety issues hovers around 70%. Google’s success in this arena offers a beacon of hope for developers grappling with similar security challenges.
Google's strategy rests on a seemingly paradoxical point: by emphasizing secure coding techniques in new development, the overall security risk in a codebase can be effectively minimized, even as the amount of memory-unsafe code increases.
According to Google, vulnerabilities in a codebase decay exponentially over time: they have a half-life.
“An extensive research project presented at the 2022 Usenix Security conference validated this insight. It was discovered that most vulnerabilities are found in recently created or modified code,” states Google.
This observation highlights two essential lessons for software developers:
According to Google's research, code that is five years old is significantly less likely to contain vulnerabilities than new code: between 3.4 and 7.4 times less, depending on the context.
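The decay claim can be made concrete with a small model. The following is an added example, not code from Google or from the original article: it assumes a pure exponential decay of vulnerability density, derives the half-lives implied by the five-year 3.4x and 7.4x figures above, and runs them over a constructed scenario in which memory-unsafe code keeps growing while the expected vulnerability count falls. The function names and the `UNSAFE_ADDED` figures are illustrative assumptions.

```python
import math

def implied_half_life(age_years, reduction_factor):
    """Half-life h for which code aged `age_years` has 1/reduction_factor of
    the vulnerability density of new code, if density(t) = d0 * 2**(-t/h)."""
    return age_years * math.log(2) / math.log(reduction_factor)

def simulate(unsafe_added_per_year, half_life):
    """Return one (year, total_unsafe_code, relative_risk) row per year.

    relative_risk is the expected vulnerability count in units of
    "vulnerabilities per unit of brand-new memory-unsafe code".
    """
    rows = []
    for year in range(len(unsafe_added_per_year)):
        cohorts = unsafe_added_per_year[:year + 1]
        total = sum(cohorts)
        # Each yearly cohort contributes less as it ages.
        risk = sum(amount * 2 ** (-(year - born) / half_life)
                   for born, amount in enumerate(cohorts))
        rows.append((year, total, risk))
    return rows

# Constructed scenario (not Google's data): six years of all-unsafe growth,
# then most new code moves to a memory-safe language. Some unsafe code is
# still added every year, so the unsafe codebase never stops growing.
UNSAFE_ADDED = [100] * 6 + [50, 25, 10, 5, 5, 5]

if __name__ == "__main__":
    for factor in (3.4, 7.4):  # five-year figures quoted in the article
        h = implied_half_life(5, factor)
        print(f"{factor}x lower at 5 years -> half-life of {h:.2f} years")
        for year, total, risk in simulate(UNSAFE_ADDED, h):
            print(f"  year {year:2d}  unsafe code {total:4d}  relative risk {risk:6.1f}")
```
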
Google argues against the complete overhaul of old code that is not memory-safe. Instead, it highlights the value of ensuring compatibility between languages that are memory-safe and those that are not. This method enables organizations to maintain their prior efforts while also pushing forward the creation of newer, safer functionalities.
In support of this approach, Google has given the Rust Foundation a grant of £790,000 and has also developed interoperability tools such as Crubit and autocxx.
With the move towards Safe Coding practices, Google predicts a reduction in the dependency on established methods of exploit prevention and proactive detection, like fuzzing. However, these practices are expected to remain in use, becoming more focused and more powerful when implemented on concise and isolated code segments.
For software developers, Google’s findings offer a clear directive: prioritising memory-safe languages for new development can yield significant security benefits—even in large existing systems. By “turning off the tap” of new vulnerabilities, developers can leverage the natural decay of existing issues to enhance overall system security.
As the software industry continues to grapple with security challenges, Google’s Safe Coding strategy presents a promising path forward, offering a scalable and sustainable approach to building high-assurance software.