Skip to content

Proposed new reference skill: Memory-safe language migration #46

Description

@santosomar

I'd like to propose a new reference skill for Project CodeGuard that guides AI coding agents through secure migration from memory-unsafe languages (C, C++) to memory-safe languages (Rust, Go, Java, C#, Swift), aligned with CISA/NSA memory safety guidance and secure-by-design principles.

This skill addresses a gap that sits at the intersection of CodeGuard's mission and an increasingly urgent industry need. AI coding agents are accelerating software development, but they're equally happy generating new C/C++ code as they are generating Rust or Go. Without explicit guidance, agents default to whatever language the project already uses; perpetuating memory-unsafe codebases even when a safe alternative is viable.

Instead of just having the reference directory called "owasp", we should change it to something like "additional skills" and add this there.

Motivation

Memory safety vulnerabilities (buffer overflows, use-after-free, dangling pointers, double-free, data races) remain the root cause of 60-70% of critical CVEs in major software projects. Government and industry guidance has converged on memory-safe languages as the most effective mitigation:

  • CISA/NSA (2025): "Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development" — urges adoption of MSLs as the most comprehensive mitigation against memory vulnerabilities
  • CISA (2023): "The Case for Memory Safe Roadmaps" — called for organizations to publish memory safety roadmaps by January 1, 2026
  • White House ONCD (2024): "Back to the Building Blocks" — laid out a national plan for MSL adoption
  • Google Android case study: By writing all new code in memory-safe languages (Rust, Java) starting in 2019, Android reduced memory safety vulnerabilities from 76% to 24% of total CVEs by 2024 — without rewriting existing code

Additionally, recent advanced AI models like Mythos/Project Glasswing are dramatically accelerating vulnerability discovery, making memory-unsafe code an increasingly attractive and exploitable target. We specifically recommends that organizations replace legacy systems with modern platforms featuring memory safety mechanisms and exploit mitigations.

CodeGuard already covers cryptography, input validation, authentication, authorization, supply chain, and cloud security. A memory-safe migration skill would close an important gap, ensuring that AI coding agents don't just write functionally correct code, but write code in languages that eliminate entire vulnerability classes by design.

What the skill covers

Proactive prevention (the most important part)

When an AI agent is about to generate new C/C++ code, the skill checks whether a memory-safe alternative is viable and defaults to it. This is the "secure-by-default" behavior — preventing new unsafe code before it's written.

Migration guidance

When explicitly migrating code, the skill provides:

  • Assessment checklist — scored priority evaluation covering vulnerability history, exposure surface, AI risk acceleration, and feasibility factors
  • Language selection guide — decision matrix mapping use cases to recommended MSLs (Rust for systems/crypto/network, Go for services/CLI, Java/C# for enterprise, Swift for Apple platforms)
  • FFI boundary security rules — treating every interface between safe and unsafe code as a security boundary, with rules for input validation, memory ownership, panic safety, thread safety, and string encoding
  • Common migration patterns — side-by-side C/C++ → Rust/Go/Java code for buffers, strings, linked structures, concurrency, error handling, file I/O, and network servers
  • Validation requirements — functional equivalence, fuzzing, sanitizers, benchmarking, dependency audit
  • Anti-patterns — false safety wrappers, excessive unsafe, migrating without tests, ignoring error handling differences

CodeGuard unified source rule

Enforceable rules including:

  • Default to memory-safe languages for new code
  • Banned unsafe C functions (gets, strcpy, strcat, sprintf, vsprintf) with safe replacements
  • Minimize and document unsafe blocks in Rust
  • Validate all inputs at FFI boundaries
  • Enforce memory ownership across FFI (allocator that created memory must free it)
  • Never panic across FFI boundaries
  • Use safe concurrency patterns
  • Proper resource management in GC languages

Assessment script

A Python script (assess-migration.py) that statically analyzes C/C++ source files and produces a prioritized migration report based on unsafe function usage, network exposure, pointer arithmetic, buffer declarations, concurrency patterns, and cryptographic code. Supports both human-readable and JSON output for CI/CD integration.

Proposed file structure

memory-safe-migration/
├── SKILL.md                                    # Main skill (Agent Skills standard)
├── scripts/
│   └── assess-migration.py                     # Static analysis assessment tool
├── references/
│   ├── language-selection.md                   # Target language decision matrix
│   ├── ffi-security.md                         # FFI boundary security rules
│   ├── migration-patterns.md                   # C/C++ → MSL code patterns
│   └── assessment-checklist.md                 # Priority scoring checklist
└── README.md                                   # Documentation

Implementation

I have a complete working implementation ready to submit as a PR, including:

  • SKILL.md following the Agent Skills open standard (agentskills.io) with progressive disclosure
  • Four reference documents with detailed guidance and code examples in Rust, Go, Java, and C
  • A tested Python assessment script
  • A CodeGuard unified source rule with YAML frontmatter

The skill has been tested against sample C codebases and correctly identifies and prioritizes vulnerable components for migration.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions