Subj : Eliminating Memory Safety Vulnerabilities at the Source
To   : All
From : LWN.net
Date : Thu Sep 26 2024 08:00:07

Eliminating Memory Safety Vulnerabilities at the Source
(Google Security Blog)

Date:
Thu, 26 Sep 2024 06:58:06 +0000

Description:
Here's a
post on the Google Security Blog on how switching to a memory-safe
language can quickly reduce vulnerabilities in a project, even if a large
body of older code persists. This leads to two important takeaways: The 
problem is overwhelmingly with new code, necessitating a
    fundamental change in how we develop code. Code matures and gets safer 
with time, exponentially, making the
    returns on investments like rewrites diminish over time as code gets
    older. For example, based on the average vulnerability lifetimes, 
5-year-old code
has a 3.4x (using lifetimes from the study) to 7.4x (using lifetimes
observed in Android and Chromium) lower vulnerability density than new
code.

======================================================================
Link to news story:
https://lwn.net/Articles/991775/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.