Navigation
Recherche
|
Eliminating Memory Safety Vulnerabilities at the Source (Google Security Blog)
jeudi 26 septembre 2024, 08:58 , par LWN.net
Here's a
post on the Google Security Blog on how switching to a memory-safe language can quickly reduce vulnerabilities in a project, even if a large body of older code persists. This leads to two important takeaways: The problem is overwhelmingly with new code, necessitating a fundamental change in how we develop code. Code matures and gets safer with time, exponentially, making the returns on investments like rewrites diminish over time as code gets older. For example, based on the average vulnerability lifetimes, 5-year-old code has a 3.4x (using lifetimes from the study) to 7.4x (using lifetimes observed in Android and Chromium) lower vulnerability density than new code.
https://lwn.net/Articles/991775/
Voir aussi |
56 sources (32 en français)
Date Actuelle
mer. 18 déc. - 07:58 CET
|