Merge pull request #64 from trifectatechfoundation/mem-safety-statement

Draft mem safety statement post

Author: erikjee

content/_index.md

@@ -30,7 +30,7 @@ supporters = [
 ]
 
 blogposts = [
-    "Support the call for memory safety incentives in EU cybersecurity policies",
+    "Calling for memory safety incentives in EU cybersecurity policies",
     "Canonical releases Ubuntu 25-10 with sudo-rs as the default sudo",
     "ntpd-rs now supports version 5 of the Network Time Protocol",
     "zlib-rs is faster than C",

content/blog/Calling for memory safety incentives in EU cybersecurity policies.md

@@ -0,0 +1,108 @@
++++
+title = "Calling for memory safety incentives in EU cybersecurity policies"
+slug = "calling-for-memory-safety-incentives-in-eu-cybersecurity-policies"
+authors = ["Hugo van de Pol"]
+date = 2025-12-17
+
+[taxonomies]
+tags=["announcement"]
+
+[extra]
+image = "/blog/mem-safety-statement-share-image-w1600.jpg"
+
++++
+
+![Improving Europe's cybersecurity posture through memory safety](/blog/mem-safety-statement-share-image-w1600.jpg)
+
+**Today we publish the statement *"Improving Europe's cybersecurity posture through memory safety"*, calling on European and national policymakers to provide clear incentives and support for the large-scale adoption of memory-safe technology.**
+
+<!-- more -->
+
+The statement is a joint effort by secure-by-design experts at leading organizations, including Siemens Mobility, Sovereign Tech Agency, OpenSSF, Google, the Linux Foundation, the Rust Foundation, and national cybersecurity committees. 
+
+It has been endorsed by European companies at the forefront of technology, such as Infineon Technologies AG, as well as industry and academic experts, including specialists at Signify, Volvo Cars, Radboud University, and Delft University of Technology.
+
+Executive summary: 
+
+> “The number of cybersecurity incidents that affect European citizens and businesses is rising at an alarming rate. 70% of the vulnerabilities in major digital systems built on decades-old technologies share the same root cause and can be prevented by using modern, memory-safe technology.
+<br/> <br/>
+This technology is mature, perfectly fits Europe’s forthcoming secure-by-design approach to cybersecurity, and is the most effective way to protect Europe’s cybersecurity, to reduce cybersecurity costs, and to foster innovation.
+<br/> <br/>
+However, its adoption rate is slow due to a lack of short-term economic incentives. We’ve now left the door wide open: attackers eagerly exploit vulnerabilities in our major digital systems.
+<br/> <br/>
+The supporting organisations call on European and national policymakers to act, out of obligation as well as untapped opportunity: to provide clear incentives and support for the large-scale adoption of memory-safe technology.”
+
+View or download the full statement **[here](/docs/improving-europes-cybersecurity-posture-through-memory-safety.pdf)**.
+<br />
+<br />
+
+## The time is now
+
+We have established a lack of awareness among EU and national policymakers. This contrasts heavily to [the proactive involvement of the Cybersecurity and Infrastructure Security Agency (CISA)](https://www.cisa.gov/securebydesign), among others, in the USA from 2023 onwards. 
+
+With the CRA on its way, now is the time for the EU to act.
+
+## Looking ahead
+We're looking forward to presenting our point of view to EU and national policymakers, and to continuing to advocate for faster adoption of modern memory-safe technology in 2026. We're aiming to bring this statement to various events in 2026 and will keep you updated on where to find us.
+
+## Get involved
+Our primary goal is to bring memory safety to the forefront of current policy discussions, and we need your help to do it. 
+
+If you are involved in relevant European or national policy making, or can put us in contact with someone who is, **please reach out to [Hugo van de Pol](mailto:hugo@trifectatech.org?subject=I'd%20like%20to%20help%20advocate%20for%20memory%20safety)**.
+
+---
+
+## Supporting organisations
+
+- [Internet Security Research Group](https://www.abetterinternet.org/)
+- [Tauri](https://v2.tauri.app/)
+- [Rust Foundation](https://rustfoundation.org/)
+- [Special Interest Group Cybersecurity of ICT Research Platform Netherlands (IPN) and ACCSS](https://ict-research.nl/groups/special-interest-groups/sigsec/)
+- [Tweede golf](https://tweedegolf.nl/en)
+- [Trifecta Tech Foundation](https://trifectatech.org/)
+- [Stackable](https://stackable.tech/en/)
+- [OpenPrinting](https://openprinting.github.io/)
+- [Systemscape](https://www.systemscape.com/)
+- [Ferrous Systems](https://ferrous-systems.com/)
+- [Infineon Technologies AG](https://www.infineon.com/)
+- [AboutCode Foundation](https://www.aboutcode.foundation/)
+- [BlueBird Power](https://www.bluebirdpower.com/)
+
+## Supporting individuals
+
+- Leon Bouwmeester, director of engineering at Hue Connected, Signify
+- Julius Gustavsson, Expert System Architect, Volvo Cars
+- Till Kamppeter, lead of OpenPrinting
+- Mario Goffredo D'Andrea
+- Matthias Endler, Corrode
+- Bernard van Gastel, Radboud University
+- Frederic Ameye
+- Irakli Tabagari
+- Prof. Achim D. Brucker, University of Exeter (Chair in Cybersecurity)
+- Mathias Payer, Associate Professor at EPFL Alexios Voulimeneas, Assistant Professor at TU Delft
+- Prof. dr. Jaap-Henk Hoepman
+
+<br />
+
+## Contributors
+
+Contributions to this statement were made by:
+- Josh Aas, Internet Security Research Group
+- Rebecca Rumbul, Rust Foundation
+- Thomas Rooijakkers, TNO
+- Jeffrey Vander Stoep, Google
+- Benjamin Schilling
+- Christian (fukami) Horchert, CrabNebula Ltd.
+- prof. dr. H.J. Bos, Vrije Universiteit Amsterdam
+- Erik Poll, Radboud University
+- Harry van Haaren, Openchip,
+- Marius Gläß, Bundesamt für Sicherheit in der Informationstechnik
+- Joao Rebelo, S2E Systems B.V.
+
+---
+
+## About the authors
+[Tara Tarakiyee](https://www.linkedin.com/in/tarakiyee/) is a Technologist at [Sovereign Tech Agency](https://www.sovereign.tech/), who works on designing supporting and mobilizing resources to encourage, sustain and maintain our open digital infrastructure.
+
+[Hugo van de Pol](https://www.linkedin.com/in/hugo-van-de-pol-90665215/) is Director at [Tweede golf](https://tweedegolf.nl/en) and Board member at [Trifecta Tech Foundation](https://trifectatech.org/), who has been advocating the use of memory-safe technologies like Rust for years. 
+

content/news.md

@@ -5,6 +5,7 @@ template = "news.html"
 
 [extra]
 blogposts = [
+    "Calling for memory safety incentives in EU cybersecurity policies",
     "Emulating avx-512 intrinsics in Miri",
     "Support the call for memory safety incentives in EU cybersecurity policies",
     "Frequently Asked Questions about sudo-rs",