It-sikkerhed

It-sikkerhed (også kendt som cyber-sikkerhed eller computersikkerhed) er informationssikkerhed anvendt på computere og datanet (computernetværk).

Området dækker alle processerne og mekanismerne med hvilken computer-baseret udstyr, information og services er beskyttet mod utilsigtet eller uautoriseret adgang, ændring eller destruktion. It-sikkerhed omfatter også beskyttelse mod uplanlagte hændelser og naturkatastrofer.

Ifølge USAs CISA-chef Jen Easterly er dårlig softwarekvalitet skyld i verdens cybersikkerhedsproblemer.^[1]^[2] CISA anbefaler at softwareudviklere skriver deres computerprogrammer i hukommelsessikre programmeringssprog som fx Rust, Python, C#, Go, Swift eller Java - især Rust fremhæves som et godt hukommelsessikkert programmeringssprog.^[3]^[4] USAs DARPA foreslår at konvertere C-kode til Rust-kode via maskinlæring. Projektet kaldes TRanslating All C TO Rust - kort TRACTOR.^[5]

^ 2024-09-20, version2.dk: USA’s cyberchef: Dårlige software-udviklere er den største trussel mod sikkerheden. CISA-chefen Jen Easterly skoser teknologileverandører for at levere produkter med indbyggede sikkerhedsproblemer, der åbner dørene for cyberangreb, backup Citat: "...»Vi har ikke et cybersikkerhedsproblem – vi har et softwarekvalitetsproblem. Vi har ikke brug for flere sikkerhedsprodukter – vi har brug for mere sikre produkter,« sagde chefen for den amerikanske cybersikkerhedsmyndighed CISA (Cybersecurity and Infrastructure Security Agency) Jen Easterly på en konference onsdag ifølge The Register. »Sandheden er: Teknologileverandører er de personer, der bygger problemer« ind i deres produkter, som derefter »åbner dørene for skurke, så de kan angribe deres ofre.«..."
^ 2024-09-20, theregister.com: CISA boss: Makers of insecure software are the real cyber villains. Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret', backup
^ 28 Jun 2024, theregister.com: CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust? So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies, backup Citat: "...Memory-safe languages, like C#, Go, Java, Python, Rust, and Swift, handle memory management for the developer, reducing the opportunity to make memory errors...The 2015 stable release of Rust, a language with strong memory-safety guarantees, gave tech firms a non-aligned systems language they could use to avoid the problems with memory-unsafe code. The competitive implications of adopting languages with strong corporate associations, like C# (Microsoft), Go (Google), Swift (Apple), or Java (Oracle) may have helped make Rust more appealing. But it took a few years for Rust to mature and catch on..."
^ June 26, 2024, cisa.gov: Exploring Memory Safety in Critical Open Source Projects, backup Citat: "...We encourage others to build on this analysis to further expand our collective understanding of memory-unsafety risk in OSS, evaluate approaches—such as targeted rewrites of critical components in memory-safe languages—to reducing this risk, and to continue efforts to drive risk-reducing action by software manufacturers. For those considering further investment in memory safe programming practices, we recommend two references: The Case for Memory Safe Roadmaps and the December 2023 report on memory safety by the Technical Advisory Council of CISA’s Cybersecurity Advisory Committee.37..."
^ 3 Aug 2024, theregister.com: DARPA suggests turning old C code automatically into Rust – using AI, of course. Who wants to make a TRACTOR pull request?, backup Citat: "...The term stands for TRanslating All C TO Rust. It's a DARPA project that aims to develop machine-learning tools that can automate the conversion of legacy C code into Rust. The reason to do so is memory safety. Memory safety bugs, such buffer overflows, account for the majority of major vulnerabilities in large codebases. And DARPA's hope is that AI models can help with the programming language translation, in order to make software more secure..."I think all languages are about trade-offs, but certainly at the kernel-level it makes sense to move part of the code to Rust," he said..."

[1] 2024-09-20, version2.dk: USA’s cyberchef: Dårlige software-udviklere er den største trussel mod sikkerheden. CISA-chefen Jen Easterly skoser teknologileverandører for at levere produkter med indbyggede sikkerhedsproblemer, der åbner dørene for cyberangreb, backup Citat: "...»Vi har ikke et cybersikkerhedsproblem – vi har et softwarekvalitetsproblem. Vi har ikke brug for flere sikkerhedsprodukter – vi har brug for mere sikre produkter,« sagde chefen for den amerikanske cybersikkerhedsmyndighed CISA (Cybersecurity and Infrastructure Security Agency) Jen Easterly på en konference onsdag ifølge The Register. »Sandheden er: Teknologileverandører er de personer, der bygger problemer« ind i deres produkter, som derefter »åbner dørene for skurke, så de kan angribe deres ofre.«..."

[2] 2024-09-20, theregister.com: CISA boss: Makers of insecure software are the real cyber villains. Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret', backup

[3] 28 Jun 2024, theregister.com: CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust? So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies, backup Citat: "...Memory-safe languages, like C#, Go, Java, Python, Rust, and Swift, handle memory management for the developer, reducing the opportunity to make memory errors...The 2015 stable release of Rust, a language with strong memory-safety guarantees, gave tech firms a non-aligned systems language they could use to avoid the problems with memory-unsafe code. The competitive implications of adopting languages with strong corporate associations, like C# (Microsoft), Go (Google), Swift (Apple), or Java (Oracle) may have helped make Rust more appealing. But it took a few years for Rust to mature and catch on..."

[4] June 26, 2024, cisa.gov: Exploring Memory Safety in Critical Open Source Projects, backup Citat: "...We encourage others to build on this analysis to further expand our collective understanding of memory-unsafety risk in OSS, evaluate approaches—such as targeted rewrites of critical components in memory-safe languages—to reducing this risk, and to continue efforts to drive risk-reducing action by software manufacturers. For those considering further investment in memory safe programming practices, we recommend two references: The Case for Memory Safe Roadmaps and the December 2023 report on memory safety by the Technical Advisory Council of CISA’s Cybersecurity Advisory Committee.37..."

[5] 3 Aug 2024, theregister.com: DARPA suggests turning old C code automatically into Rust – using AI, of course. Who wants to make a TRACTOR pull request?, backup Citat: "...The term stands for TRanslating All C TO Rust. It's a DARPA project that aims to develop machine-learning tools that can automate the conversion of legacy C code into Rust. The reason to do so is memory safety. Memory safety bugs, such buffer overflows, account for the majority of major vulnerabilities in large codebases. And DARPA's hope is that AI models can help with the programming language translation, in order to make software more secure..."I think all languages are about trade-offs, but certainly at the kernel-level it makes sense to move part of the code to Rust," he said..."

[1]

[2]

[3]

[4]

[5]