Skip to content

Commit

Permalink
Merge pull request #19 from ossf/js-bp
Browse files Browse the repository at this point in the history 
✨ initial guidance for JS memory management
  • Loading branch information
@nellshamrell
nellshamrell committed Jan 25, 2024
2 parents 71e95a7 + 8f83bff commit 4e7063d
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 2 deletions.
6 changes: 5 additions & 1 deletion docs/best-practice-memory-safe-by-default-languages.md
View file
@@ -1,6 +1,6 @@
# Best Practices - Memory-Safe By Default Languages

While Memory-Safe by default languages are, by definition, memory safe by default, there are ways that the can be used unsafely (or less safely). Here are best developer practices for using these languages.
While Memory-Safe by default languages are, by definition, memory-safe by default, there are ways that they can be used unsafely (or less safely). Here are best developer practices for using these languages.

## Python

Expand All @@ -22,6 +22,10 @@ TO DO

TO DO

## JavaScript

* Follow the [Memory management guide](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Memory_management)

## Java

TO DO
2 changes: 1 addition & 1 deletion docs/revised-stream-4-language.md
View file
Expand Up @@ -13,7 +13,7 @@ In this doc we have standardized on this terminology/spelling:

It is common for vulnerabilities to result from a program mismanaging memory. These types of vulnerabilities are called memory safety vulnerabilities.

Some programming languages, including Rust, Go, and Java, are commonly referred to as "memory-safe languages". By default, these languages prevent programmers from making the mistakes that result in classes of memory safety vulnerabilities. Other languages, including C and C++, are commonly referred to as "memory unsafe languages". Be default, these languages do not prevent programmers from making the mistakes that result in classes of memory safety vulnerabilities.
Some programming languages, including Rust, Go, JavaScript, and Java, are commonly referred to as "memory-safe languages". By default, these languages prevent programmers from making the mistakes that result in classes of memory safety vulnerabilities. Other languages, including C and C++, are commonly referred to as "memory unsafe languages". Be default, these languages do not prevent programmers from making the mistakes that result in classes of memory safety vulnerabilities.

Microsoft estimates that 70% of the vulnerabilities in its products (those that were built with memory unsafe languages) over the past decade are memory safety vulnerabilities[^1]. Google estimates that 90% of vulnerabilities in Android media and Bluetooth components are memory safety vulnerabilities[^2].

Expand Down

0 comments on commit 4e7063d

Please sign in to comment.