AdaCore Blog

Ada and Rust are highlighted by the NSA and CISA in Memory Safe Language Information Sheet

by Andrea Bristol

“The importance of memory safety cannot be overstated.”

Memory safety vulnerabilities, such as buffer overflows, have long plagued software systems. Heartbleed and BadAlloc exemplify the dangers posed by poor memory management. Heartbleed affected over 800,000 of the most visited websites and resulted in the theft of sensitive personal data, including millions of hospital patient records. BadAlloc impacted embedded devices, industrial control systems, and over 195 million vehicles, demonstrating how memory vulnerabilities threaten national security and critical infrastructure.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Information Sheet to highlight the importance of adopting memory-safe languages (MSLs) in improving software security and reducing the risk of security incidents.

The report highlights MSLs such as Ada and Rust that offer built-in protections against memory safety issues, making them a strategic choice for developing more secure software.

The information sheet goes on to explain how memory safe languages promote security by design.

“MSLs embed safety mechanisms directly into the language. This design prevents memory safety bugs from the outset. This approach represents a paradigm shift in approaching security.”

The NSA and CISA report raises several practical questions about adopting memory-safe languages (MSLs), many of which we at AdaCore are well-positioned to help address.

Choosing the correct language for the job
A common question is determining which MSL best fits a given application. Our technical paper, “Should I Choose Ada, SPARK, or Rust over C and C++?” provides a clear comparison and offers guidance on the most appropriate language based on use case, assurance requirements, and existing infrastructure.

Integrating MSLs into legacy systems
Introducing memory-safe languages into complex, existing codebases can be challenging. One effective strategy is to identify the most critical or vulnerable components and rewrite them in Ada or Rust. These components can then be integrated with the rest of the system through a foreign-function interface (FFI). For cases where rewriting is impractical, memory-safe processor hardware such as CHERI offers a promising alternative. Organisations can benefit from CHERI's pure-capability runtime memory safety checks, which in specific cases go beyond the safe memory usage features of memory-safe programming languages like Ada and Rust. Our experience has shown that porting source code to a CHERI architecture often requires little effort and sometimes no changes at all. Recompiling existing code with CHERI-enabled toolchains, then running verification activities such as integration tests, unit tests, and fuzzing on CHERI-enabled hardware or under emulation, gives assurance that an application reads, writes, and handles memory safely.
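The following is an added example, not code from AdaCore or from the NSA/CISA sheet, showing what the "rewrite the vulnerable component, integrate it over FFI" strategy looks like in Rust. It takes the kind of component behind Heartbleed, a parser for a length-prefixed record, and exposes it to a legacy C caller through a C-ABI entry point. The record format (2-byte big-endian length, then payload), the function name `msl_parse_record`, and the `ParseStatus` codes are all constructed for this example. The safe core never trusts the declared length over the real buffer size, so an over-read is reported as an error rather than performed.

```rust
// Added example (not AdaCore's code): a memory-safe record parser in Rust,
// exported over the C ABI so an existing C codebase can call it.
use std::slice;

/// Status codes handed back to the C caller. Hypothetical values for this example.
#[repr(C)]
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum ParseStatus {
    Ok = 0,
    NullPointer = 1,
    Truncated = 2,
    LengthExceedsBuffer = 3,
    DestinationTooSmall = 4,
}

/// Parse a constructed record format: a 2-byte big-endian payload length followed
/// by the payload. The returned slice is bounded by `buf`, never by the declared
/// length alone, so the Heartbleed-style over-read cannot happen here.
pub fn parse_record(buf: &[u8]) -> Result<&[u8], ParseStatus> {
    if buf.len() < 2 {
        return Err(ParseStatus::Truncated);
    }
    let declared = u16::from_be_bytes([buf[0], buf[1]]) as usize;
    // `get` returns None instead of reading past the end when `declared` is too large.
    buf.get(2..2 + declared).ok_or(ParseStatus::LengthExceedsBuffer)
}

/// C-callable entry point for the legacy side of the system. In a real build this
/// would carry the export attribute (`#[no_mangle]`, or `#[unsafe(no_mangle)]` on
/// edition 2024); it is left off here so the snippet compiles on any edition.
///
/// # Safety
/// `buf` must point to `buf_len` readable bytes, `dst` to `dst_len` writable bytes,
/// and `out_len` to a writable `usize`. The caller, i.e. the C side, is responsible
/// for passing accurate lengths; everything after that is checked.
pub unsafe extern "C" fn msl_parse_record(
    buf: *const u8,
    buf_len: usize,
    dst: *mut u8,
    dst_len: usize,
    out_len: *mut usize,
) -> ParseStatus {
    if buf.is_null() || dst.is_null() || out_len.is_null() {
        return ParseStatus::NullPointer;
    }
    // The only unsafe step: turning the C pointer/length pairs into bounded slices.
    // From here on the borrow checker and slice bounds checks apply.
    let input = slice::from_raw_parts(buf, buf_len);
    let output = slice::from_raw_parts_mut(dst, dst_len);
    *out_len = 0;
    match parse_record(input) {
        Ok(payload) => {
            if payload.len() > output.len() {
                return ParseStatus::DestinationTooSmall;
            }
            output[..payload.len()].copy_from_slice(payload);
            *out_len = payload.len();
            ParseStatus::Ok
        }
        Err(status) => status,
    }
}

fn main() {
    // Constructed inputs: a well-formed record and one that claims 64 payload bytes
    // but carries a single byte, the shape of the Heartbleed over-read.
    let good: [u8; 5] = [0x00, 0x03, b'a', b'b', b'c'];
    let lying: [u8; 3] = [0x00, 0x40, b'x'];
    println!("good   -> {:?}", parse_record(&good));
    println!("lying  -> {:?}", parse_record(&lying));

    let mut dst = [0u8; 8];
    let mut n = 0usize;
    // SAFETY: lengths match the arrays they describe.
    let status = unsafe {
        msl_parse_record(good.as_ptr(), good.len(), dst.as_mut_ptr(), dst.len(), &mut n)
    };
    println!("ffi    -> {:?}, {} bytes: {:?}", status, n, &dst[..n]);
}
```

On the C side the declaration would be the usual `ParseStatus msl_parse_record(const uint8_t *buf, size_t buf_len, uint8_t *dst, size_t dst_len, size_t *out_len);` with the enum mirrored in a header. The `unsafe` block is confined to the one place where C pointers become Rust slices, which is exactly the boundary a reviewer should scrutinise when auditing such an integration.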

Addressing challenges in constrained environments
Industrial control systems and embedded applications often face strict constraints on space, power, and processing resources. Fortunately, both Ada and Rust are designed with such systems in mind. Ada already has a long track record in these environments, with strong support for certification. For example, Ada has been used on projects with Astrium and MDA for International Space Station software components. While Rust is newer, it is evolving quickly, and its suitability for high-integrity development continues to grow.

Improving safety when MSL adoption isn’t viable
In cases where adopting an MSL isn't feasible due to constraints around tooling, certification, or project timelines, CHERI can provide a practical path forward. CHERI can introduce hardware-enforced memory safety without requiring a full transition to a new language.

Evaluating tooling maturity and readiness
Tool support is critical for safe and efficient development. Ada benefits from a mature ecosystem tailored for high-assurance software. This is demonstrated by:

  • Decades of Reliability: Ada has been in continuous use and evolution since its inception in the early 1980s.

  • Evolving Language Standards: Ada is actively maintained through ISO standardisation (current version: Ada 2022), ensuring the language evolves to meet modern development needs while retaining strong safety guarantees.

  • Strong Typing and Safety Features: Ada enforces compile-time checks, type safety, and control over concurrency, dramatically reducing classes of runtime errors.

  • Deterministic Behaviour: Ideal for real-time and embedded systems requiring predictable execution and precise control over hardware.

  • Qualifiable Toolchains: Tools like GNAT Pro are designed with high-integrity development in mind and support certification efforts under standards like DO-178C, ISO 26262, and IEC 61508.

  • Long-Term Maintenance and Support: Commercial Ada toolchains offer long-term support and stability, which is critical for systems with extended lifespans (e.g., aerospace or rail).

  • Cross-Platform and Legacy Support: The Ada ecosystem supports various platforms and real-time operating systems, including legacy hardware still in active service.

At AdaCore, we are actively investing in the Rust toolchain to bring it to a comparable level of capability as Ada, particularly for safety-critical applications.

Aligning supply chain security with MSLs
Adopting memory-safe languages does not mean compromising on supply chain integrity. Both Ada and Rust can be integrated into secure development pipelines without trade-offs. Our toolchains and practices are designed to support traceability, auditability, and long-term maintainability, core elements of a secure software supply chain.

The persistent threat of memory safety vulnerabilities and the high-profile breaches they enable have made it clear that relying solely on traditional programming practices is no longer sufficient. Memory-safe languages like Ada and Rust provide a proactive, design-level approach to preventing such issues, offering built-in safeguards that help developers build inherently more secure systems. As highlighted in the joint NSA and CISA report, adopting MSLs represents a significant step forward in improving the resilience of both commercial and national infrastructure.

About Andrea Bristol

Andrea Bristol is the PR and Marketing Campaigns Manager at AdaCore. A marketer for over 18 years, Andrea is a Fellow of the Chartered Institute of Marketing. In her spare time, she can be found at the stables with her dressage horse Nemo or being mum-taxi to her 3 children.