{"id":18508421,"url":"https://github.com/ossf/memory-safety","last_synced_at":"2025-09-15T20:42:35.742Z","repository":{"id":157471452,"uuid":"618492493","full_name":"ossf/Memory-Safety","owner":"ossf","description":null,"archived":false,"fork":false,"pushed_at":"2025-07-10T23:04:29.000Z","size":2359,"stargazers_count":28,"open_issues_count":13,"forks_count":15,"subscribers_count":23,"default_branch":"main","last_synced_at":"2025-07-27T09:32:57.426Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ossf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-03-24T15:29:50.000Z","updated_at":"2025-07-24T17:11:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"6358180a-e0b6-4570-98a1-f6f7d91c58be","html_url":"https://github.com/ossf/Memory-Safety","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":"ossf/project-template","purl":"pkg:github/ossf/Memory-Safety","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2FMemory-Safety","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2FMemory-Safety/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2FMemory-Safety/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2FMemory-Safety/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ossf","download_url":"https://codeload.github.com/ossf/Memory
-Safety/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2FMemory-Safety/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275319590,"owners_count":25443826,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-15T02:00:09.272Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T15:14:18.636Z","updated_at":"2025-09-15T20:42:35.699Z","avatar_url":"https://github.com/ossf.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# **OpenSSF Memory Safety Special Interest Group (SIG)**\n\nThe Memory Safety SIG is a group working within the [OpenSSF's Best Practices Working Group](https://github.com/ossf/wg-best-practices-os-developers) formed to advance and deliver upon [The OpenSSF's Mobilization Plan - Stream 4](https://8112310.fs1.hubspotusercontent-na1.net/hubfs/8112310/OpenSSF/White%20House%20OSS%20Mobilization%20Plan.pdf?hsCtaTracking=3b79d59d-e8d3-4c69-a67b-6b87b325313c%7C7a1a8b01-65ae-4bac-b97c-071dac09a2d8).\n\n## **Motivation**\n\nMemory safety vulnerabilities, caused by mistakes in memory management, are common in unsafe programming languages like C and C++. This type of vulnerability is responsible for a majority of security breaches, with estimates from Microsoft and Google showing that up to 70% and 90% of 
vulnerabilities in their products, respectively, are memory safety vulnerabilities.\n\nMemory safe languages like Rust, Go, JavaScript, and Java are less prone to these types of errors. The consequences of these vulnerabilities are not just technical, but can result in significant financial losses and invasion of personal data and privacy. A recent analysis by Google Project Zero showed that 67% of vulnerabilities exploited in the wild were due to a lack of memory safety, making it a critical issue that needs to be addressed in software development.\n\n## **Objective**\n\n**Vision**: Eliminate memory safety vulnerabilities in Open Source Software (OSS).\n\n**Mission**: Understand and reduce memory safety vulnerabilities in OSS.\n\n## **Scope**\n\nDevelop pragmatic guidance, standards, and software (including tools, tool improvements, and rewrites), along with advocating such changes, to systematically reduce memory safety vulnerabilities through the use of memory-safe programming languages and techniques, all informed by real-world data and risks.\n\n## **Prior Work**\n\n* N/A\n\n## **Get Involved**\n\n* Official communications occur on the [openssf-sig-memory-safety@lists.openssf.org](https://lists.openssf.org/g/openssf-sig-memory-safety/topics).  \\\n[Manage your subscriptions to OpenSSF mailing lists](https://lists.openssf.org/g/main/subgroups).\n* [Memory Safety SIG Slack](https://openssf.slack.com/archives/C03G8NZH58R)\n\n### Quick Start\n\n* Areas that need contributions\n* [ ] Review of the Proposed Stream #4 Mobilization Plan\n* [File issues](https://github.com/ossf/Memory-Safety/issues)\n\n## **Meeting times**\n\n* Every other Thursday @ 13:00am EST. 
The invite is available on the [OpenSSF Community Calendar](https://calendar.google.com/calendar/u/0/r?cid=czYzdm9lZmhwNWk5cGZsdGI1cTY3bmdwZXNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ).\n* [Meeting Minutes](https://docs.google.com/document/d/1RnIzqeKyrOJvs6vQ8xGH6TjZDoEFaGUs1NkAx--v_3Y/edit?tab=t.0)\n\n## **Governance**\n\nThe [CHARTER.md](CHARTER.md) outlines the scope and governance of our group activities.\n\n* Lead name: [Nell Shamrell-Harrington](https://github.com/nellshamrell)\n* Co-Lead name: [Avishay Balter, Microsoft](https://github.com/balteravishay)\n\n### SIG Maintainers\n\n* [Christopher \"CRob\" Robinson, Intel](https://github.com/SecurityCRob)\n* [David A Wheeler, LF/OSSF](https://github.com/david-a-wheeler)\n\n### SIG Collaborators\n\n* [Jay White, Microsoft](https://github.com/camaleon2016)\n* [Gabriel Dos Reis (Microsoft)](https://github.com/GabrielDosReis)\n* [Charles Palmer (IBM)](https://github.com/ccpalmer)\n* [David Edelsohn (IBM)](https://github.com/edelsohn)\n* [Walter Pearce](https://github.com/walterpearce)\n* [Josh Aas (he/him, ISRG/Prossimo)](https://github.com/bdaehlie)\n* [Jonathan Leitschuh (he/him) OpenSSF](https://github.com/JLLeitschuh)\n* [Christine Abernathy, F5](https://github.com/caabernathy)\n* [Randall T. Vasquez, Gentoo/Homebrew](https://github.com/ran-dall)\n\n## **Intellectual Property**\n\nIn accordance with the [OpenSSF Charter (PDF)](https://charter.openssf.org/), work produced by this group is licensed as follows:\n\n1. Software source code\n\n    * Apache License, Version 2.0, available [here](https://www.apache.org/licenses/LICENSE-2.0);\n\n2. Data\n\n    * Any of the Community Data License Agreements, available [here](https://www.cdla.io);\n\n3. Specifications\n\n    * Community Specification License, Version 1.0, available [here](https://github.com/CommunitySpecification/1.0)\n\n4. 
All other Documentation\n\n    * Creative Commons Attribution 4.0 International License, available [here](https://creativecommons.org/licenses/by/4.0/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fossf%2Fmemory-safety","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fossf%2Fmemory-safety","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fossf%2Fmemory-safety/lists"}