Forward-looking: Google adds its voice to the growing consensus for an industry-wide progress towards secure programming practices. There is a standardization opportunity for every player involved in the software business, with billions in savings to gain and better security for all. Security vulnerabilities related to memory safety are becoming increasingly troublesome among companies and organizations dealing with software products. The US Cybersecurity and Infrastructure Security Agency (CISA) recently urged developers to eliminate buffer overflow bugs. Google is now pushing for the entire software industry to step up against the dreadful flaws in memory-related routines."Memory safety" means protecting a software project or code snippet against various flaws related to memory access, like buffer overflows or wild pointers. When the code doesn't provide enough protection to memory routines, cyber-criminals or adversarial state actors (Russia, China, Iran) can exploit memory-access bugs to compromise systems, steal sensitive data, or gain access to protected networks.Google noted that the abuse of memory safety vulnerabilities has eroded trust in technology and caused damages for billions. Traditional approaches conceived to strengthen popular programming languages are helpful but aren't enough to stop the tide of easily exploitable vulnerabilities anymore.Newer programming languages such as Rust, Kotlin, or safe "subsets" for traditional languages like Safe Buffers for C++ are designed to enforce memory safety from the get-go. These tools have already proven themselves effective, with a "significant" reduction in vulnerabilities in Android. New hardware technologies, such as Arm's Memory Tagging Extension or the Capability Hardware Enhanced RISC Instructions, provide a complementary defense for existing (potentially unsafe) code.Google proposed a new collective commitment to a common goal: eliminating this class of vulnerabilities through strong secure-by-design programming practices. The CISA also suggested the secure-by-design approach, but Google is pushing the goal even further with its blueprint.Google's framework for an industry-wide memory safety standard supports diverse approaches, with different security properties programmers need to achieve rather than specific implementation details. Developers should tailor memory safety requirements based on various needs, with varying levels of memory security for different applications. So, it's more of a guideline approach than a template. // Related StoriesThe framework should also define criteria and metrics for an objective security compliance assessment, similar to how we assess energy efficiency. This technology-neutral framework should be practical and actionable, with best practices for existing technologies and guidance on leveraging specific solutions to meet the new standards.Google isn't simply theorizing a novel approach to build a more secure software industry. The company has partnered with industry players and academic institutions to develop these standards."The journey towards memory safety requires a collective commitment to standardization," Google said. "We need to build a future where memory safety is not an afterthought but a foundational principle, a future where the next generation inherits a digital world that is secure by design."