MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
code
Recherche

Eliminating Memory Safety Vulnerabilities at the Source (Google Security Blog)

jeudi 26 septembre 2024, 08:58 , par LWN.net
Here's a
post on the Google Security Blog on how switching to a memory-safe
language can quickly reduce vulnerabilities in a project, even if a large
body of older code persists.

This leads to two important takeaways:

The problem is overwhelmingly with new code, necessitating a
fundamental change in how we develop code.
Code matures and gets safer with time, exponentially, making the
returns on investments like rewrites diminish over time as code gets
older.

For example, based on the average vulnerability lifetimes, 5-year-old code
has a 3.4x (using lifetimes from the study) to 7.4x (using lifetimes
observed in Android and Chromium) lower vulnerability density than new
code.
https://lwn.net/Articles/991775/

Voir aussi

News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
ven. 27 sept. - 01:27 CEST