Rust haters, unite! Fil-C aims to Make C Great Again

November 16, 2024 at 05:19AM

Fil-C, created by Filip Pizlo from Epic Games, is a memory-safe version of C and C++ that lets developers maintain compatibility without learning new languages like Rust. It provides memory safety through a permissively licensed open-source compiler, although it currently has performance limitations and works only on Linux/x86_64. …

Open Source Package Entry Points May Lead to Supply Chain Attacks

October 15, 2024 at 06:06AM

Entry points in open-source packages across various programming languages are vulnerable to exploitation, posing risks for supply chain attacks. This highlights the need for enhanced security measures to protect against such vulnerabilities. The article is based on a post from SecurityWeek.

**Meeting Takeaways:**

1. **Vulnerability Highlighted**: Entry points in software …

DARPA suggests turning old C code automatically into Rust – using AI, of course

August 3, 2024 at 06:08AM

DARPA is pushing TRACTOR, a program to automatically convert legacy C code to Rust for improved memory safety. Tech giants support the move away from C/C++ due to memory safety bugs. While some argue for maintaining C/C++ standards, DARPA is focused on automating the transition to Rust for increased security. …

CISA Flags Memory-Unsafe Code in Major Open Source Projects

June 28, 2024 at 01:28PM

A new study reveals the widespread and concerning use of memory-unsafe code in major open source software projects, leading to common security issues. Despite this insight, immediate changes are unlikely due to the complexity and cost of rewriting code entirely in memory-safe languages. The report’s findings align with previous studies, …

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages

April 12, 2024 at 07:36AM

Multiple programming languages are affected by a serious vulnerability, ‘BatBadBut’, which allows command injection in Windows applications due to improper escaping of command arguments when executing batch files. The flaw, which affects the languages’ runtimes, enables attackers to inject commands into Windows applications. Some affected languages have issued patches, but successful exploitation requires …