This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs).
Just because you can, doesn’t mean you should. For application code, it’s almost always better to use a language with garbage collection, in order to get memory safety without undue ceremony. Yes, some gc-ed languages are slow (Python, Ruby), but others are quite fast (JVM, .NET, Common Lisp, Haskell).
Just because you can, doesn’t mean you should. For application code, it’s almost always better to use a language with garbage collection, in order to get memory safety without undue ceremony. Yes, some gc-ed languages are slow (Python, Ruby), but others are quite fast (JVM, .NET, Common Lisp, Haskell).