Navigation
Search
|
Eliminating Memory Safety Vulnerabilities at the Source (Google Security Blog)
Thursday September 26, 2024. 08:58 AM , from LWN.net
Here's a
post on the Google Security Blog on how switching to a memory-safe language can quickly reduce vulnerabilities in a project, even if a large body of older code persists. This leads to two important takeaways: The problem is overwhelmingly with new code, necessitating a fundamental change in how we develop code. Code matures and gets safer with time, exponentially, making the returns on investments like rewrites diminish over time as code gets older. For example, based on the average vulnerability lifetimes, 5-year-old code has a 3.4x (using lifetimes from the study) to 7.4x (using lifetimes observed in Android and Chromium) lower vulnerability density than new code.
https://lwn.net/Articles/991775/
Related News |
25 sources
Current Date
Dec, Wed 18 - 11:01 CET
|