#MemorySafety

Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

by

November 21, 2024 at 03:13AM Google’s AI-powered fuzzing tool, OSS-Fuzz, has uncovered 26 vulnerabilities, including a medium-severity flaw in OpenSSL (CVE-2024-9143), indicating significant advancements in automated vulnerability detection. The tool enhances code coverage and is part of Google’s transition to memory-safe languages like Rust, alongside new security checks in C++. **Meeting Takeaways – Nov 21, … Read more

Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed

by

November 20, 2024 at 12:09PM Google’s OSS-Fuzz project has identified 26 vulnerabilities, including a critical flaw in OpenSSL. Utilizing AI-driven fuzzing, the tool finds bugs unlikely to be detected by humans. OSS-Fuzz aims to automate the fuzzing workflow, enhancing code testing with large language models to improve security against potential threats. ### Meeting Takeaways: 1. … Read more

Rust haters, unite! Fil-C aims to Make C Great Again

by

November 16, 2024 at 05:19AM Fil-C, created by Filip Pizlo from Epic Games, is a memory-safe version of C and C++ allowing developers to maintain compatibility without learning new languages like Rust. It focuses on memory safety through a permissively licensed open-source compiler, although it currently has performance limitations and works only on Linux/x86_64. ### … Read more

Google claims Big Sleep ‘first’ AI to spot freshly committed security bug that fuzzing missed

by

November 5, 2024 at 01:43AM Google’s AI model, Big Sleep, claims to be the first to identify a memory safety vulnerability—a stack buffer underflow—in SQLite before its release. Developed by Project Zero and DeepMind, Big Sleep aims to enhance bug detection beyond traditional fuzzing methods. This marks a significant advancement in AI-driven software security. ### … Read more

Google Says Its AI Found SQLite Vulnerability That Fuzzing Missed

by

November 4, 2024 at 08:16AM Google revealed that its Big Sleep LLM agent discovered a previously unknown memory safety vulnerability in SQLite, which traditional fuzzing methods failed to identify. This highlights the advanced capabilities of AI in enhancing security measures. ### Meeting Takeaways: 1. **Big Sleep LLM Agent**: Google has demonstrated its Big Sleep large … Read more

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

by

November 4, 2024 at 06:21AM Google identified a zero-day vulnerability in SQLite using its AI framework, Big Sleep. This marks the first real-world vulnerability discovered by an AI agent. The flaw, a stack buffer underflow, has been addressed. Google emphasizes the potential of AI in finding vulnerabilities pre-release, but notes results are still experimental. ### … Read more

Codasip Donates Tools to Develop Memory-Safe Chips

by

October 24, 2024 at 08:17AM Codasip donated its RISC-V software development kit to the CHERI Alliance to enhance chip memory safety for developers. The SDK includes essential tools like a C/C++ compiler, emulator, and build system, aiming to facilitate CHERI technology adoption in securing hardware memory against vulnerabilities like buffer overflows. ### Meeting Takeaways: 1. … Read more

Memory-Safe Code Adoption Has Made Android Safer

by

September 26, 2024 at 05:19PM The number of memory-related vulnerabilities in Android has significantly decreased over the past five years, attributed to Google’s use of memory-safe languages like Rust. Memory safety issues now only account for 24% of all Android vulnerabilities, down from 76% in 2019. This shift has been credited to Google’s secure-by-design approach … Read more

Google Sees Drop in Memory Safety Bugs in Android as Code Matures

by

September 26, 2024 at 09:19AM Google’s secure-by-design approach to code development has led to a significant reduction in memory safety vulnerabilities in Android and Chrome. The adoption of memory-safe programming languages like Rust has resulted in a decrease in memory safety bugs in Android, reducing the overall security risk to users. This proactive approach marks … Read more

Google sees 68% drop in Android memory safety flaws over 5 years

by

September 25, 2024 at 03:34PM The shift in Android vulnerabilities caused by memory safety issues from 76% in 2019 to 24% in 2024 highlights Google’s adoption of memory-safe languages like Rust. This strategy retains older code with minimal changes focused on security fixes, while prioritizing new code in memory-safe languages. Google emphasizes proactive prevention over … Read more