This is the government's strongest stance yet on software security, which puts manufacturers on notice: fix dangerous coding practices or risk being labeled as negligent.
“Putting all new code aside, fortunately, neither this document nor the U.S. government is calling for an immediate migration from C/C++ to Rust — as but one example,” he said. “CISA’s Secure by Design document recognizes that software maintainers simply cannot migrate their code bases en masse like that.”
Companies have until January 1, 2026, to create memory safety roadmaps.
All they are asking for by that date is a roadmap for dealing with memory safety issues, not rewrite everything.
That sounds like policy written by somebody who has no idea what the reality of software development is.
1 year to rewrite critical software in a new language?
Solid detective work Lou.
Did you read the article at all?
All they are asking for by that date is a roadmap for dealing with memory safety issues, not rewrite everything.
That sounds like a comment written by somebody who has no idea what the article says