Rust developers at Google are twice as productive as C++ teams

March 31, 2024 at 12:37PM
Google reports that its Rust teams are twice as productive as its C++ teams and that Rust has been effective in rewriting projects. Memory safety is seen as crucial for national security, leading to a shift in awareness. Microsoft and other organizations are also adopting Rust, citing its benefits over C/C++. Developers show confidence in …

CISA urges software devs to weed out SQL injection vulnerabilities

March 25, 2024 at 02:28PM
CISA and FBI advised technology manufacturing executives to conduct formal software reviews and implement mitigations to eliminate SQL injection (SQLi) vulnerabilities. SQL injection attacks enable unauthorized access to sensitive data and can lead to data breaches and system takeover. They recommend using parameterized queries with prepared statements as a secure …

US Gov Says Software Measurability is ‘Hardest Problem to Solve’

February 27, 2024 at 03:27PM
The US government is urging software manufacturers to release timely, comprehensive documentation of security vulnerabilities to enhance efforts in measuring code quality and safety. The White House emphasizes the need for long-term investment incentives and the adoption of memory-safe programming languages to improve cybersecurity across the digital ecosystem. This industry-wide …

White House urges devs to switch to memory-safe programming languages

February 26, 2024 at 04:39PM
The White House ONCD urges tech companies to adopt memory-safe programming languages like Rust to enhance software security by reducing memory safety vulnerabilities. Such vulnerabilities can lead to security risks and unauthorized access to data, posing a threat to the digital ecosystem. This initiative aligns with President Biden’s National Cybersecurity …

Rust can help make software secure – but it’s no cure-all

February 8, 2024 at 02:34AM
Memory-safety flaws are the primary high-severity issues for Google and Microsoft. However, they are not the top exploited vulnerabilities. Rust can reduce these flaws but not eliminate all risks, as highlighted by Horizon3.ai. While Rust prevents certain vulnerabilities, attention to complex software risks and security processes is crucial. Based on …

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities

February 5, 2024 at 06:06PM
Google has pledged $1 million to the Rust Foundation to enhance interoperability between Rust and C++ code. This investment aims to expand the adoption of Rust across various components of the platform, with Android benefiting from its memory-safe programming language. Google’s support will also help launch a new ‘Interop’ initiative …

Google Warns of Chrome Browser Zero-Day Being Exploited

January 16, 2024 at 04:24PM
Google has released an urgent Chrome browser update to address three high-severity security flaws, warning that one is currently being exploited in the wild. The exploited zero-day, CVE-2024-0519, is an out-of-bounds memory access issue in the V8 JavaScript engine. The update also covers two additional high-risk memory safety issues. This …

Adobe Patches Code Execution Flaws in Substance 3D Stager

January 9, 2024 at 12:54PM
Adobe released patches for six security vulnerabilities in Substance 3D Stager, warning of potential code execution attacks. The ‘important-severity’ issues affect macOS and Windows users and could lead to memory leaks and arbitrary code execution. Adobe recommends immediate updates to version 2.1.4 to mitigate these risks, with no known in-the-wild …

Google Patches Six Vulnerabilities With First Chrome Update of 2024

January 4, 2024 at 10:13AM
Google announced the first Chrome security update of 2024, resolving six vulnerabilities, including high-severity memory safety flaws reported by external researchers. Bug bounty rewards were handed out for some of the reported flaws. The update strengthens Chrome’s defenses against exploitation and is available for macOS, Linux, and Windows. No current …

ISAs and the Dawning Hardware Security Revolution

December 20, 2023 at 08:27PM
The perpetual battle between IT security improvements and evolving attacker exploits has traditionally focused on software advancements. However, emerging hardware security technologies, particularly advanced instruction set architecture (ISA) extensions, have the potential to revolutionize IT security. Collaborative open-source efforts are driving progress in this area and will play a crucial …