Google sees 68% drop in Android memory safety flaws over 5 years

September 25, 2024 at 03:34PM
The shift in Android vulnerabilities caused by memory safety issues from 76% in 2019 to 24% in 2024 highlights Google’s adoption of memory-safe languages like Rust. This strategy retains older code with minimal changes focused on security fixes, while prioritizing new code in memory-safe languages. Google emphasizes proactive prevention over …

The empire of C++ strikes back with Safe C++ blueprint

September 16, 2024 at 04:17PM
The Safe C++ Extensions proposal, driven by the C++ community, aims to enhance the language’s memory safety. Notably, it addresses concerns raised by industry leaders and organizations about the prevalence of memory safety flaws in C++. By providing memory safety features, this initiative strives to make writing secure code more …

Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws

September 9, 2024 at 03:57PM
Google is promoting the deployment of Rust in existing low-level firmware codebases to combat memory-related security vulnerabilities. The company aims to demonstrate the viability of using Rust for firmware, highlighting its efficiency in guaranteeing memory safety and reducing vulnerabilities in existing code. This migration has led to a decrease in …

Google says replacing C/C++ in firmware with Rust is easy

September 6, 2024 at 05:48PM
Google is advocating for the use of the Rust programming language to replace legacy C and C++ code in firmware, aiming to enhance security and reduce vulnerabilities. Despite resistance from some developers, Google and the US government are promoting the adoption of Rust for secure and reliable software development, leveraging …

DARPA Aims to Ditch C Code, Move to Rust

August 13, 2024 at 08:41AM
DARPA plans to fund a project called TRACTOR, aiming to develop an automated translator to convert old C code to Rust. The initiative seeks to address memory-safety vulnerabilities and reduce the labor and cost of rewriting code. The project aims to create high-quality Rust code and is expected to face …

Memory Safety is Key to Preventing Hardware Hacks

August 9, 2024 at 08:33AM
The 2018 Spectre and Meltdown vulnerabilities exposed computer memory as a target for hackers to inject code and steal data. To address this, Microsoft is transitioning system applications to the Rust programming language for memory safety, while chip makers established the CHERI Alliance to create secure hardware architecture. Challenges include …

New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers

August 7, 2024 at 10:57AM
A new Linux kernel exploitation technique named SLUBStick has been uncovered, offering the potential to escalate a limited heap vulnerability to an arbitrary memory read-and-write primitive. This method demonstrates the ability to modify kernel data and overcome existing defenses, but it relies on the existence of a heap vulnerability and …

Chrome 126 Updates Patch High-Severity Vulnerabilities

July 17, 2024 at 06:03AM
Google announced security updates for Chrome 126, addressing ten vulnerabilities, including high-severity bugs reported by external researchers. The release resolves various flaws in V8, Screen Capture, Media Stream, Audio, and Navigation. Google paid over $32,000 in bug bounty rewards and advises users to update their browsers to the latest versions. …

CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust?

June 28, 2024 at 05:03PM
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has released a report detailing the prevalence of memory-unsafe languages in critical open source projects, highlighting the risks of memory safety vulnerabilities. The report emphasizes the need for organizations to prioritize memory safety and consider using memory-safe languages like Rust or …

CISA Flags Memory-Unsafe Code in Major Open Source Projects

June 28, 2024 at 01:28PM
A new study reveals the widespread and concerning use of memory-unsafe code in major open source software projects, leading to common security issues. Despite this insight, immediate changes are unlikely due to the complexity and cost of rewriting code entirely in memory-safe languages. The report’s findings align with previous studies, …