Explanation: For software written in non memory-safe languages (for example, C/C++), use compiler transforms that enforce memory safety (for example, SAFECode,4 WIT,5 Baggy Bounds Checking,6 and SoftBound7). Develop policy on what to do when a runtime error is detected (for example, reset device).
Vulnerabilities addressed: Addresses memory access errors.
Developer resources required: Requires access to software checking tools and source code.
Evaluator resources required: Requires the ability to rerun tools used by the developer on the source/binary; confirming that an appropriate compiler has compiled all the software with the instrumentation enabled.