• Eliminating Memory Safety Vulnerabilities at the Source

    From LWN.net@1337:1/100 to All on Thursday, September 26, 2024 08:00:07
    Eliminating Memory Safety Vulnerabilities at the Source
    (Google Security Blog)

    Date:
    Thu, 26 Sep 2024 06:58:06 +0000

    Description:
    Here's a post on the Google Security Blog on how switching to a memory-safe
    language can quickly reduce vulnerabilities in a project, even if a large
    body of older code persists.

    This leads to two important takeaways:

    - The problem is overwhelmingly with new code, necessitating a
      fundamental change in how we develop code.
    - Code matures and gets safer with time, exponentially, making the
      returns on investments like rewrites diminish over time as code gets
      older.

    For example, based on the average vulnerability lifetimes, 5-year-old code
    has a 3.4x (using lifetimes from the study) to 7.4x (using lifetimes
    observed in Android and Chromium) lower vulnerability density than new
    code.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/991775/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)