CISA and Global Partners Press for Memory-Safe Roadmaps — November 14, 2023

Executive briefing: On 14 November 2023 CISA, the FBI, NSA, and 16 international cybersecurity authorities released guidance titled "The Case for Memory Safe Roadmaps". The publication calls on software suppliers to adopt memory-safe programming languages, modern mitigations, and secure development lifecycle controls. CISA has since used its Secure by Design pledge to demand public memory safety milestones and quarterly reporting from participating software manufacturers.

Core recommendations

• Roadmap publication. Vendors should share timelines for migrating critical products from C and C++ code to languages with built-in memory safety or apply hardening techniques where rewrites are infeasible.
• Secure-by-design expectations. The guidance encourages default safety features—such as control-flow integrity and address space layout randomization—across product portfolios.
• Supply chain transparency. Agencies recommend providing customers with SBOMs and vulnerability reporting channels to track legacy components.

Control alignment guidance

• CISA Secure by Design Pledge. Align roadmap commitments with the voluntary product security principles announced at the 2024 RSA Conference.
• ISO/IEC 27034. Integrate memory safety objectives into application security lifecycle governance and secure coding policies.
• OWASP SAMM. Update assurance programs to monitor language selection, compiler hardening, and dependency hygiene.

Operational recommendations

• Inventory products that rely on unmanaged memory and prioritize components exposed to the internet or critical infrastructure customers.
• Adopt modern toolchains—such as clang with memory sanitizers or Rust/C# rewrites—for high-risk modules.
• Communicate roadmap milestones to customers via product security portals and coordinate with CERTs on vulnerability disclosures.

Related briefings

Curated signals from the same pillar or overlapping topics.

Cybersecurity · Credibility 91/100 · April 30, 2024

CISA Launches Secure by Design Pledge — April 30, 2024

CISA invited major technology manufacturers to commit to seven measurable secure-by-design goals covering memory-safe languages, MFA by default, and vulnerability disclosure performance.

Cybersecurity · Credibility 88/100 · November 2, 2023

Microsoft Launches Secure Future Initiative to Accelerate Secure-by-Design Commitments

On November 2, 2023 Microsoft announced the Secure Future Initiative, committing to default multi-factor authentication, expanded memory-safe development, and rapid cloud patching SLAs across Microsoft platforms…

Cybersecurity · Credibility 91/100 · October 30, 2023

Executive Order 14110 on Safe, Secure, and Trustworthy AI — October 30, 2023

Executive Order 14110 directs NIST, DHS, and sector risk agencies to build secure-by-design AI guidance, critical infrastructure risk frameworks, and red-teaming regimes—demanding governance to oversee compliance…

Cybersecurity · Credibility 90/100 · September 19, 2023

CISA Launches Secure Our World Cyber Awareness Campaign — September 19, 2023

CISA’s Secure Our World awareness campaign, launched 19 September 2023, sets four behavioural pillars that boards must fold into governance metrics while security, HR, and privacy teams execute training, technology, and…

Cybersecurity · Credibility 89/100 · August 3, 2023

CISA Unveils 2024–2026 Cybersecurity Strategic Plan — August 3, 2023

CISA’s 2024–2026 strategic plan requires executive governance to steer joint cyber defence planning, phased implementation across the three mission goals, and privacy-aware evidence collection to satisfy DSARs tied to…

Continue in the Cybersecurity pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Cybersecurity Operations Playbook — Zeph Tech

  Use Zeph Tech research to align NIST CSF 2.0, CISA KEV deadlines, and sector mandates across threat intelligence, exposure management, and incident response teams.