Submitted by Rachel Gardner on Wed, 07/05/2025 - 15:54
The UK government has announced measures to drive the commercial adoption of CHERI, the pioneering cybersecurity technology co-developed by researchers here.
The news was delivered by Minister for AI and Digital Government Feryal Clark, at CyberUK, the government's flagship cyber security event.
Memory safety bugs in software are repeatedly exploited by hackers to cause major security issues. Incidents like the WannaCry attack on the NHS in 2017 which caused four billion dollars of damages, and the CrowdStrike outage in 2024 which caused 5.4 billion dollars in direct losses, highlight the severe risks these bugs pose to society, businesses and economies.
"CHERI can significantly reduce cyber risks by mitigating memory safety bugs and improve the resilience of digital systems through improved compartmentalisation."
Recognising that the impact of these costly cyber incidents have been due to memory safety bugs, to date over £80 million of UK government funding, alongside £200 million of industrial co-investment, has been invested to develop CHERI. And now further measures to encourage the UK to adopt CHERI have been announced.
As the Minister and the Department of Science, Innovation and Technology say: "We recognise the potential of CHERI to deliver a secure and trusted digital economy for the UK. We are proud to harness expertise from partners across industry, academia and government to support work for the development and adoption of CHERI, and memory safe technologies, ensuring a move towards a more secure and resilient digital future.
"Our next step is to transition this technology to commercial products, ready for adoption across the UK, delivering a significant advancement in innovative cyber security. Leveraging industry co-investment, we will partner with the CHERI Alliance, InnovateUK, the University of Cambridge and other stakeholders to drive this effort."
The researchers behind the CHERI ('Capability Hardware Enhanced RISC Instructions') technology focused on new ways to design the architecture of a computer’s central processing unit – its brain – to make software less vulnerable to security breaches.
They were particularly interested in increasing memory safety since memory safety bugs in software are repeatedly exploited by hackers to cause major security issues. Research from Google and Microsoft shows that 70% of ongoing cyber vulnerabilities are memory safety bugs. The resulting CHERI technology they developed extends conventional architectures and software stacks with novel hardware support for memory protection and secure encapsulation.
Initially developed by researchers here and colleagues at SRI International, the CHERI technology soon attracted industrial collaborators including Arm, Microsoft and Google.
In 2022, an industrial demonstrator of CHERI – the Arm Morello processor and evaluation board – was made available to UK companies for testing and evaluation through the UK government’s Digital Security by Design programme.
Now the government is leading a further charge to encourage the widespread adoption of the technology.
"For the technology to be ready for use, here and now, translating the research and development into commercially viable products and services is a critical step," says the government's policy paper. "We will focus support towards companies developing CHERI-enabled chips and able to demonstrate immediate commercial relevance. Businesses meeting these criteria will access support to accelerate and scale-up their efforts. Up to £3 million funding will be made available, with a competition to launch later in 2025."
They add: "We also want to unblock the pathway for CHERI by incentivising the demand for adopting secure by design systems. We will shortly be launching a programme to identify partners to become the first customers for adopting CHERI."
For more details, follow the links below:
- CHERI technology for cyber security - introduction
- CHERI technology for cyber security - policy paper
