Deutsch English Français Italiano |
<65f6b140$0$19592$882e4bbb@reader.netnews.com> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!198.186.191.153.MISMATCH!news-out.netnews.com!s1-4.netnews.com!eu1.netnews.com!not-for-mail X-Trace: DXC=ekHVl_TZi21XbTXBL>DDB=HWonT5<]0T=M9@aW=nh=g:4fb5@bE@D^82ag1<^1n6R>kKcU9i;ZPR?7`KUZlDCH:<jdAQ=K_oW98A6UEi6kY3A0M0:NI184W1= X-Complaints-To: support@blocknews.net From: Retrograde <fungus@amongus.com.invalid> Content-Type: text/plain; charset=UTF-8 Subject: memory corruption as attack vector Newsgroups: comp.misc Date: 17 Mar 2024 09:00:48 GMT Lines: 39 Message-ID: <65f6b140$0$19592$882e4bbb@reader.netnews.com> NNTP-Posting-Host: 127.0.0.1 X-Trace: 1710666048 reader.netnews.com 19592 127.0.0.1:44823 Bytes: 3037 From the «alzheimers as a service» department: Feed: OSnews Title: Secure by design: Google’s perspective on memory safety Author: Thom Holwerda Date: Fri, 15 Mar 2024 10:45:06 -0400 Link: https://www.osnews.com/story/138837/secure-by-design-googles-perspective-on-memory-safety/ Google’s Project Zero reports[1] that memory safety vulnerabilities[2]—security defects caused by subtle coding errors related to how a program accesses memory—have been “the standard for attacking software for the last few decades and it’s still how attackers are having success”. Their analysis shows two thirds of 0-day exploits detected in the wild used memory corruption vulnerabilities. Despite substantial investments to improve memory-unsafe languages, those vulnerabilities continue to top the most commonly exploited vulnerability classes[3]. In this post, we share our perspective on memory safety in a comprehensive whitepaper[4]. This paper delves into the data, challenges of tackling memory unsafety, and discusses possible approaches for achieving memory safety and their tradeoffs. We’ll also highlight our commitments towards implementing several of the solutions outlined in the whitepaper, most recently with a $1,000,000 grant to the Rust Foundation[5], thereby advancing the development of a robust memory-safe ecosystem. ↫ Alex Rebert and Christoph Kern at Google’s blog[6] Even as someone who isn’t a programmer, it’s impossible to escape the rising tide of memory-safe languages, with Rust leading the charge. If this makes the software we all use objectively better, I’ll take the programmers complaining they have to learn something new. Links: [1]: https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html (link) [2]: https://www.memorysafety.org/docs/memory-safety/ (link) [3]: https://cwe.mitre.org/top25/archive/2023/2023_kev_list.html (link) [4]: https://research.google/pubs/pub53121/ (link) [5]: https://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html (link) [6]: https://security.googleblog.com/2024/03/secure-by-design-googles-perspective-on.html (link)