MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
code
Search

Eliminating Memory Safety Vulnerabilities at the Source (Google Security Blog)

Thursday September 26, 2024. 08:58 AM , from LWN.net
Here's a
post on the Google Security Blog on how switching to a memory-safe
language can quickly reduce vulnerabilities in a project, even if a large
body of older code persists.

This leads to two important takeaways:

The problem is overwhelmingly with new code, necessitating a
fundamental change in how we develop code.
Code matures and gets safer with time, exponentially, making the
returns on investments like rewrites diminish over time as code gets
older.

For example, based on the average vulnerability lifetimes, 5-year-old code
has a 3.4x (using lifetimes from the study) to 7.4x (using lifetimes
observed in Android and Chromium) lower vulnerability density than new
code.
Read more at LWN.net
https://lwn.net/Articles/991775/

Related News

code Google's NotebookLM Can Help You Dive Deeper Into YouTube Videos SlashdotSep 27
security Eliminating memory safety vulnerabilities at the source OS NewsSep 26
lifetimes Google Restricts Creation of New Accounts in Russia SlashdotSep 26
blog HPE patches three critical security holes in Aruba PAPI TheRegisterSep 26
google Want to help whip the llama’s ass? Winamp goes open source (sort of) PC WorldSep 26
vulnerabilities Wayback Machine integrated into Google search BoingBoingSep 26
older Google Maps is Cracking Down on Fake Reviews SlashdotSep 26
eliminating Uniting for Internet Freedom: Tor Project & Tails Join Forces (Tor blog) LWN.netSep 26
vulnerability Security updates for Thursday LWN.netSep 26
using Victims lose $70K to one single wallet-draining app on Google's Play Store TheRegisterSep 26
time The importance of nudge theory in email security BetaNewsSep 26
gets Google TV Streamer 4K Review: Smooth Streaming Wired: Tech.Sep 26
source Memory-maker Micron predicts new wave of server consolidation TheRegisterSep 26
memory Winamp source code now available on GitHub BetaNewsSep 26
how Winamp Releases Source Code, Asks For Help Modernizing the Player SlashdotSep 26
code Google Complains To EU Over Microsoft Cloud Practices SlashdotSep 25
security Google's Rust belts bugs out of Android, helps kill off unsafe code substantially TheRegisterSep 25
lifetimes Google Paid $2.7 Billion To Bring Back an AI Genius Who Quit in Frustration SlashdotSep 25
blog Security updates for Wednesday LWN.netSep 25
google Notion AI can now access Slack chats and Google Drive files ComputerWorldSep 25
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Sep, Fri 27 - 01:20 CEST