Source code for the Kernelized Secure Operating System (KSOS), a little-known Unix variant from the early 1980s, has resurfaced after nearly four decades. Developed by Ford Aerospace and the US Department of Defense, KSOS was written in Modula-2 — a language that enforced strict type safety decades before Rust made the concept mainstream.
The system was designed to meet the highest levels of the US 'Orange Book' security criteria, using a reference monitor architecture to enforce mandatory access controls. Its reliance on typed memory access and compile-time checks aimed to eliminate entire classes of bugs — buffer overflows, dangling pointers and memory corruption — that continue to plague modern software.
For UK businesses, the rediscovery underscores a pressing reality: memory safety vulnerabilities remain the root cause of around 70 per cent of critical security patches in major operating systems. The UK's National Cyber Security Centre (NCSC) has long urged developers to adopt memory-safe languages, recommending Rust, Go and C# for new projects. The Information Commissioner's Office (ICO) also expects organisations to implement secure-by-design principles under UK data protection law.
Across the Channel, the EU AI Act introduces strict liability for AI systems built on insecure code, meaning any UK firm exporting AI products to Europe could face penalties if underlying software contains memory-safety flaws. The European Union Agency for Cybersecurity (ENISA) has similarly flagged memory safety as a priority for critical infrastructure.
Industry experts caution that while Rust offers modern tooling and guarantees, KSOS shows the idea is not new. 'What KSOS did in Modula-2 in the 1980s is what Rust does today — but the industry took decades to catch on,' said a security researcher familiar with the code. For UK startups and large enterprises alike, the lesson is that retrofitting safety after deployment costs far more than building it in from the start.