The White House is recommending critical software be written in memory safe languages to eliminate vulnerabilities. Meanwhile, Nvidia's CEO sparked debate by arguing kids should skip coding since AI can generate it, though experts disagree given programming's enduring value. With security suffering due to outdated "zombie code" components according to a new report, addressing software vulnerabilities remains imperative.

— Forrest Knight & Meghanadh Vasireddy

White House Recommends Software Be Written in Memory Safe Languages

The White House Office of the National Cyber Director (ONCD) has released a new technical report with recommendations for improving software security.

Memory Safety: The report calls on the software industry to adopt memory-safe programming languages. Memory safety vulnerabilities are a major cause of software bugs and cybersecurity threats.

• Languages like Rust, Go, and Java eliminate many memory safety issues through automatic memory management

• New hardware extensions like memory tagging provide runtime checking of memory accesses

Adopting memory safe languages and capabilities for critical systems would drastically reduce vulnerabilities.

Measurability: The report also advocates for better ways to measure software security that would:

• Allow prioritizing vulnerabilities based on data rather than guesses

• Provide visibility into supply chain risks

• Incentivize long-term security investments

The ONCD is urging CEOs and technical leaders to adopt memory safe languages and practices as a crucial step toward securing software against threats.

Read More Here

Nvidia CEO Claims Kids Should Skip Learning Coding

Nvidia CEO Jensen Huang recently made a controversial statement during a speech. He claimed that kids should not learn coding since AI is now advanced enough to handle most programming tasks.

Huang argued that rather than spend time learning languages like Python or Java, young people should focus their efforts on building domain expertise in areas like:

• Biology

• Manufacturing

• Agriculture

His reasoning is that as AI translation systems get better at turning regular human language into working code, programming languages themselves will become irrelevant. In his view, human languages will be sufficient for "programming" using AI.

Many industry experts objected to Huang's viewpoint:

They point out that while AI tools like GitHub Copilot are handy helpers, human guidance and specialized know-how is still essential for managing large, complex software projects. Additionally, learning coding principles teaches beneficial logical thinking skills that apply across many technical fields.

While AI will surely keep revolutionizing software development, the consensus is that core programming skills remain important for now and demand for qualified human developers is likely to stay strong for decades. Given this, most experts feel Huang's advice for kids to avoid learning coding seems short-sighted, even coming from the CEO of a major AI chip company.

Read More Here

Security suffering due to a “zombie code” apocalypse

Synopsys released its yearly Open Source Security and Risk Analysis report, which examines the security of open source code across many industries.

Outdated Components

• 91% of codebases have old, unsupported "zombie code" open source components

• 49% have no development activity in 2+ years

The report also found the average age of vulnerabilities is 2.5 years, with nearly 25% over 10 years old. Compared to last year, the prevalence of high-risk vulnerabilities jumped from 48% to 74% of codebases.

Reasons given include:

• Layoffs reducing available developers to update and secure code

• Pressure to deliver faster leads teams to cut corners on dependency management

Licensing Issues 

• 53% have open source license conflicts

• 31% no license or invalid license

Read More Here

🔥 More Notes

• Octopus Deploy acquires Codefresh, expanding its CI/CD capabilities with GitOps

• Mistral AI announces its largest AI model yet and a partnership with Microsoft for deployment

• Demystifying GPUs for CPU-centric programmers

🎥 Youtube Spotlight

The Trillion Dollar Equation

The Trillion Dollar Equation explores the impact of a revolutionary equation from physics on the financial markets. It delves into how physicists and mathematicians have used this equation to beat the stock market, understand the pricing of options, and pioneer innovative strategies in the finance industry.

Was this forwarded to you? Sign Up Here