One Article Review

Home - The article:
Source GoogleSec
Identifier 8458966
Publication date 2024-03-04 14:00:38 (seen: 2024-03-04 20:07:04)
Title Secure by Design: Google's Perspective on Memory Safety
Text Alex Rebert, Software Engineer, Christoph Kern, Principal Engineer, Security Foundations

Google's Project Zero reports that memory safety vulnerabilities, security defects caused by subtle coding errors related to how a program accesses memory, have been "the standard for attacking software for the last few decades and it's still how attackers are having success". Their analysis shows two thirds of 0-day exploits detected in the wild used memory corruption vulnerabilities. Despite substantial investments to improve memory-unsafe languages, those vulnerabilities continue to top the most commonly exploited vulnerability classes.

In this post, we share our perspective on memory safety in a comprehensive whitepaper. This paper delves into the data, challenges of tackling memory unsafety, and discusses possible approaches for achieving memory safety and their tradeoffs. We'll also highlight our commitments towards implementing several of the solutions outlined in the whitepaper, most recently with a $1,000,000 grant to the Rust Foundation, thereby advancing the development of a robust memory-safe ecosystem.

Why we're publishing this now

2022 marked the 50th anniversary of memory safety vulnerabilities. Since then, memo
Sent Yes
Tags Vulnerability Mobile
Stories
Rating ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.