This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs).
I'm actually in favor of this. It's a really good idea, and I hope the state uses it for all the important databases they're gonna use to put us in the camps.
Please dont be a hater. Comrade AI might just save lives here.
that seems like it wouldn't work very well except maybe for small programs. the kinds of bugs they're trying to catch and prevent here may need substantial changes to the program's design in order to prevent. Like the borrow checker literally does not exist in C and it is not a thing people thought about when writing asynchronous C code. Maybe the AI will take a shortcut and write a bunch of unsafe rust code, but in that case what's the point?