Memory Corruption: Best Tackled with Mitigations or Safe-Languages
Memory corruption is a difficult problem to solve, but many such as CISA are pushing for moves to memory safe languages. How viable is rewriting compared to mitigating?
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/254.html
[00:00:00] Introduction
[00:01:12] Clarifying Scope & Short/Long Term
[00:04:28] Mitigations
[00:15:37] Safe Languages Are Falliable
[00:21:20] Weaknesses & Evolution of Mitigations
[00:29:19] Rewriting and the Iterative Process
[00:34:55] The Rewriting Scalability Argument
[00:41:43] System vs App Bugs
[00:48:46] Mitigations & Rewriting Are Not Mutually Exclusive
[00:50:25] Corporate vs Open Source
[00:54:12] Generational Change
[00:56:18] Conclusion
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Create your
podcast in
minutes
It is Free