Securing critical and vulnerable internet infrastructure by moving it into memory-safe code

Key facts

Investment Amount
Investment Year(s): 2023, 2024

Prossimo is an initiative of the Internet Security Research Group (ISRG), which aims to move the internet’s critical and vulnerable infrastructure to memory-safe code.

Memory safety is a property of certain programming languages that prevents errors related to memory usage from occurring. These types of errors and the resulting vulnerabilities are extremely common because many parts of critical digital infrastructure are still written in languages that are not memory safe.

Moving vulnerable digital infrastructure to memory-safe code is a large and lengthy undertaking. That’s why the Prossimo initiative is focusing on particularly critical components whose conversion is likely to have a significant impact in as little as one to two years, such as the TLS, DNS, and media decoder components described below.

Why is this important?

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ranked memory safety vulnerabilities #1 on its list of the 25 most dangerous software vulnerabilities for two years in a row. Studies of and by major software industry companies (Apple, Microsoft, Google) indicate that anywhere from 60 to 90% of security vulnerabilities are due to memory safety issues.

These vulnerabilities incur enormous costs when they are exploited, as was seen in 2017 with the spread of the WannaCry malware to 300,000 computers. Another example is the Trident malware bug, which was used to infiltrate journalists’ phones in 2016. The costs are not only financial, as the 2022 cyberattack on an IT service provider of the National Health Service in the UK also showed. The attack affected numerous hospitals and their services, and sensitive data was also leaked.

TLS, media decoders, and DNS resolvers are highly critical and widely used technologies that are relevant to all user groups: industry, business, government as well as individuals.

What are we funding?

Develop Rustls into a powerful alternative to OpenSSL.

OpenSSL is a widely used TLS library found in a large percentage of all internet-connected devices. It is written in C (a memory-unsafe language) and has a long history of vulnerabilities.

That’s why Prossimo is prioritizing work on Rustls, a memory-safe and easy-to-use library that implements the TLS protocol.

Develop a memory-safe AV1 video and image decoder.

Media decoders are essential for browsers and applications that use images and videos, but are particularly vulnerable to memory safety errors. AV1 is becoming a preferred format for video compression, so there is an urgent need for a memory-safe implementation in Rust for application developers.

Prossimo is working on a memory-safe AV1 decoder called rav1d based on the popular C library dav1d. The Rust implementation will retain the high-performance assembly code and include a dav1d-based C API, so C users can switch with minimal effort.

Develop Trust-DNS, a memory-safe DNS resolver.

DNS (Domain Name System) is arguably one of the most critical internet infrastructure building blocks, translating domain names like into IP addresses of web servers. Just about every internet-connected device, application, and server relies frequently on DNS.

Many DNS implementations are available today, including some memory-safe ones. The internet needs an open-source, high-performance, memory-safe, fully recursive DNS resolver, and Prossimo intends to create this with Trust-DNS.
