Memory safety vulnerabilities continue to plague ICS: Here’s what to do about it

October 24, 2024

In his article “Memory Safety Vulnerabilities Continue to Plague ICS: Here’s What to Do About It,” Shane Fry, CTO of RunSafe Security, addresses the persistent issue of memory safety vulnerabilities in Industrial Control Systems (ICS). Despite decades of efforts to mitigate them, the number of vulnerabilities has surged, with over 3,000 CVEs reported in 2022 alone. These vulnerabilities, especially prevalent due to the use of C/C++ languages, threaten critical infrastructure and demand immediate attention.

Shane highlights the growing concern from government agencies like the NSA and CISA, as well as EU regulations pushing for secure-by-design principles and the use of Software Bills of Materials (SBOMs). However, the transition to memory-safe languages faces challenges such as limited ecosystem support, a shortage of skilled developers, and the time-intensive process of migration.

To address the issue now, Shane advocates for implementing Runtime Application Self-Protection (RASP) in ICS environments. RASP can harden software binaries without rewriting code, actively defending systems against memory safety exploits while introducing minimal overhead.

Read the full article here

Perspectives on XSS Vulnerabilities with RunSafe’s CTO

Cross-site scripting (XSS) is a 30-year-old class of security flaw that won't go away. Recently, CISA and the FBI sounded the alarm on cross-site scripting - but why now? And could AI make the problem even worse? Shane Fry, CTO at RunSafe Security, and industry experts weighed in on...


RunSafe CTO Discusses The Spacecraft Cybersecurity Act

Shane Fry, CTO at RunSafe Security, joined the Federal News Network on The Space Hour podcast to discuss The Spacecraft Cybersecurity Act and what spacecraft manufacturers can do to build cyber protections in during the manufacturing stage. "A lot of software running...
