Skip to main content

Prossimo

Prossimo is a program by the Internet Security Research Group that targets memory safety risks in Internet infrastructure software by supporting memory-safe implementations of core components.

  • Program focused on improving memory safety in critical Internet infrastructure software (security / software assurance)
  • Support for rewriting or replacing core networking and system components in memory-safe languages such as Rust (software modernization)
  • Engagement with existing open-source projects to reduce memory-unsafe code in widely deployed stacks (open-source infrastructure)
  • Emphasis on components that handle network traffic and sensitive data paths in the Internet ecosystem (network and data security)
  • Coordination and advocacy to increase adoption of memory-safe software practices across infrastructure maintainers and vendors (security advocacy / ecosystem coordination)

More About Prossimo

Prossimo is an initiative of the Internet Security Research Group (ISRG) that focuses on reducing memory safety vulnerabilities in software that underpins the Internet. It concentrates on widely deployed infrastructure components that are written in memory-unsafe languages and seeks to facilitate memory-safe alternatives, with a focus on practical deployment in real-world systems.

The project addresses a problem space in which a large portion of security defects in low-level software originate from memory management errors. Prossimo targets components such as network services, Operating System (OS) building blocks, and other foundational programs that process untrusted input or high-volume traffic. Its approach centers on the adoption of memory-safe programming languages, with emphasis on Rust, to mitigate entire classes of vulnerabilities tied to manual memory handling.

Prossimo’s capabilities include identifying candidate infrastructure projects for memory-safe rewrites, organizing and funding development of new implementations, and collaborating with maintainers to integrate these implementations into existing ecosystems (software modernization / security engineering). It focuses on software that is central to transport, routing, and secure communication, and on elements that are likely to be present in enterprise operating environments and service provider networks.

In enterprise and institutional settings, Prossimo’s outputs are relevant where organizations depend on open-source or vendor distributions of network daemons, cryptographic libraries, system utilities, or OS components that can be replaced or augmented with memory-safe variants (infrastructure software / network security). By working with upstream projects and distributions, Prossimo aims to make deployment pathways available through standard packaging and integration channels that enterprises already use.

From an architectural perspective, Prossimo aligns with secure-by-design practices by encouraging components at lower layers of the stack—such as protocol implementations and system services—to be written in memory-safe languages (software architecture / secure coding). It operates within the open-source ecosystem, working in coordination with maintainers, distributions, and platform providers so that memory-safe implementations can interoperate with existing protocols and interfaces while maintaining expected behavior and performance envelopes.

For technical stakeholders, Prossimo can be categorized as a security and software assurance initiative focused on memory safety in Internet infrastructure. Its relevance spans platform engineering, network operations, and security architecture teams that rely on robust and maintainable implementations of core services. By concentrating on memory-safe alternatives for foundational components, Prossimo provides a pathway for organizations to reduce exposure to classes of memory-related vulnerabilities without redesigning higher-level application logic.