Automated memory safety error mitigation and compiler-enforced buffer overflow elimination


Explanation: For software written in non-memory-safe languages (for example, C/C++), use compiler transforms that enforce memory safety (for example, SAFECode [4], WIT [5], Baggy Bounds Checking [6], and SoftBound [7]). Develop a policy on what to do when a runtime error is detected (for example, reset the device).

Vulnerabilities addressed: Addresses memory access errors.

Developer resources required: Requires access to software checking tools and source code.

Evaluator resources required: Requires the ability to rerun the tools used by the developer on the source/binary, and to confirm that an appropriate compiler has compiled all the software with the instrumentation enabled.
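The Explanation above pairs a compiler-inserted bounds check with a policy for what happens when the check fails. The following added example (not code from this document or from any of the tools it names) is a hand-written model of that pairing: every store is checked against the object's bounds, and a violation is routed to a policy hook that requests a reset. The names `checked_ptr`, `cp_store`, `on_memory_violation` and `try_write` are hypothetical, and the buffer layout and input are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a pointer carrying bounds metadata for its object. */
typedef struct {
    uint8_t  *base;  /* first byte of the object */
    size_t    size;  /* object size in bytes */
    ptrdiff_t off;   /* current offset; may go out of range, checked on use */
} checked_ptr;

typedef enum { POLICY_NONE = 0, POLICY_RESET_REQUESTED } policy_state;
static policy_state g_policy = POLICY_NONE;
static unsigned g_violations = 0;

/* Policy hook (assumption: the chosen policy is "log, then reset the device"). */
static void on_memory_violation(const char *op, size_t len) {
    g_violations++;
    g_policy = POLICY_RESET_REQUESTED;  /* a real device would reset here */
    fprintf(stderr, "memory-safety violation: %s of %zu bytes\n", op, len);
}

/* The check instrumentation would place before each access. */
static int cp_in_bounds(checked_ptr p, size_t len) {
    return p.off >= 0 && (size_t)p.off <= p.size
        && len <= p.size - (size_t)p.off;   /* written to avoid overflow */
}

/* Checked store: 0 on success, -1 if blocked and reported to the policy. */
static int cp_store(checked_ptr p, const void *src, size_t len) {
    if (!cp_in_bounds(p, len)) { on_memory_violation("store", len); return -1; }
    memcpy(p.base + p.off, src, len);
    return 0;
}

/* Write len bytes (len <= 16) of constructed input at offset off of an
   8-byte buffer; returns cp_store's result, or -2 if the adjacent field
   was modified. */
static int try_write(ptrdiff_t off, size_t len) {
    struct { uint8_t buf[8]; uint8_t neighbour; } f = { {0}, 0x5A };
    static const uint8_t input[16] = "AAAAAAAAAAAAAAA";
    checked_ptr p = { f.buf, sizeof f.buf, off };
    int rc = cp_store(p, input, len);
    return f.neighbour == 0x5A ? rc : -2;
}

int main(void) {
    printf("8-byte write: %d\n", try_write(0, 8));
    printf("9-byte write: %d\n", try_write(0, 9));
    printf("reset requested: %d\n", g_policy == POLICY_RESET_REQUESTED);
    return 0;
}
```

The off-by-one write is rejected before the adjacent field is touched, and the policy state records that a reset is due.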