According to the Cybersecurity and Infrastructure Security Agency (CISA), memory safety vulnerabilities are the most prevalent type of disclosed software vulnerability. These vulnerabilities occur when memory can be accessed, written, allocated, or deallocated in unintended ways in a programming language.

When developers build software in certain legacy programming languages, they often manage memory manually or “point” to other memory management tools, which can lead to issues. By contrast, languages with built-in, automated memory management capabilities tend to result in better application stability and performance, and in better developer productivity, because they let the developer focus on core development tasks.

As agencies experiment with automation tools like software factories that often utilize modern languages, or as they look to modernize their infrastructures generally, the notion of memory safety becomes critically important.

That's why I was so thrilled to have recently sat down with Joel Krooswyk, the Federal CTO at GitLab, an end-to-end DevSecOps platform that brings together all software delivery and deployment capabilities in one place. It also serves as a DevSecOps platform for teams to collaborate, review changes, and manage delivery across the software delivery lifecycle.

As Joel describes it, he sits where the product and policy come together. He had a lot to say about memory safety and the way teams can ensure they’re doing all they can to protect against memory-related vulnerabilities in order to advance a mission-critical project – or any project, for that matter.