Nonprofit Pushes Memory-Safe Rewrites for Internet Infrastructure

TL;DR

MemorySafety.org promotes replacing unsafe C/C++ components in critical internet software with memory-safe implementations, primarily using Rust. The site lists multiple active initiatives — from TLS and DNS to kernel drivers and media codecs — and says its work is funded entirely by charitable donations.

What happened

The Memory Safety project (memorysafety.org) is presenting a coordinated effort to transition key pieces of Internet infrastructure to memory-safe implementations. The site highlights a slate of initiatives that target widely used components and libraries: a Rustls TLS implementation intended to substitute OpenSSL in many projects; Hickory, a fully recursive DNS resolver with opportunistic encryption support; sudo-rs for privilege mediation; an NTP implementation (ntpd-rs); a memory-safe AV1 decoder (rav1d); a zlib replacement; efforts to enable memory-safe Linux kernel drivers; a reverse proxy (River); memory-safe TLS support for Apache httpd (mod_tls); and improvements to curl. The site also publishes blog updates about project milestones — for example, rustls joining the Rust Foundation's Innovation Lab — and indicates that all funding comes from charitable donations. Practical details such as timelines or release schedules are not provided on the pages cited.

Why it matters

• Memory errors in C and C++ are a common source of security vulnerabilities in critical infrastructure software.
• Replacing vulnerable components with memory-safe alternatives can reduce entire classes of bugs and exploit vectors.
• Targeting individual components (TLS, DNS, codecs, etc.) makes incremental migration feasible for existing C/C++ codebases.
• Community-funded work can accelerate development of secure tooling and libraries used across the Internet.

Key facts

• The site promotes a set of initiatives to create memory-safe replacements for widely used internet software components.
• Highlighted projects include Rustls (TLS), Hickory (DNS), sudo-rs, ntpd-rs (NTP), rav1d (AV1 decoder), and a zlib replacement.
• Other efforts aim at memory-safe drivers for the Linux kernel, a reverse proxy called River, mod_tls for Apache httpd, and curl improvements.
• A blog post dated September 3, 2025, announces rustls joining the Rust Foundation's Rust Innovation Lab.
• An October 1, 2025 blog post discusses improving error handling in rustls.
• A July 30, 2025 post notes opportunistic encryption is coming to Hickory DNS (RFC 9539 support).
• A July 16, 2025 post indicates sudo-rs is headed to Ubuntu.
• The site states that 100% of its funding comes from charitable donations from companies and individuals.

What to watch next

• Wider adoption of Rustls as a drop-in replacement for OpenSSL across projects — not confirmed in the source
• Progress and timelines for making Linux kernel drivers memory safe via the project's work — not confirmed in the source
• Release milestones for Hickory DNS, ntpd-rs, and other listed initiatives — not confirmed in the source

Quick glossary

• Memory safety: A property of code that prevents common memory-related errors such as buffer overflows, use-after-free, and null-pointer dereferences.
• Rust: A programming language designed with features that help prevent certain classes of memory and concurrency bugs at compile time.
• TLS (Transport Layer Security): A protocol that encrypts data in transit to provide confidentiality and integrity for network communications.
• DNS (Domain Name System): A hierarchical naming system that translates human-readable domain names into IP addresses used by computers.
• Reverse proxy: A server that sits between clients and backend servers, forwarding client requests and often providing load balancing, caching, and security features.

Reader FAQ

Who runs the Memory Safety project?
not confirmed in the source

How is this work funded?
The site states that 100% of funding comes from charitable donations from companies and individuals.

What are the main initiatives?
The site lists initiatives including Rustls (TLS), Hickory (DNS), sudo-rs, ntpd-rs, rav1d (AV1 decoder), a zlib replacement, Linux kernel driver work, River reverse proxy, mod_tls for Apache, and curl improvements.

Is there a public roadmap or timeline for replacements?
not confirmed in the source

TLS (Rustls) Let's get the Rustls TLS library ready to replace OpenSSL in as many projects as possible. View initiative Support this Work Memory Safety for the Internet's most critical…

Sources

• Memory Safety
• White House, Craig Newmark Support Memory Safe Software
• NSA and CISA Urge Adoption of Memory Safe Languages …
• The Urgent Need for Memory Safety in Software Products

Related posts

• LangGrinch Targets LangChain Core: New CVE-2025-68664 Report
• Fahrplan for 39C3: Full two-day program schedule and session lineup
• LangGrinch Exploits Critical LangChain Core Flaw (CVE-2025-68664)