May 17 2024 58 mins 18
Memory corruption is a difficult problem to solve, but many such as CISA are pushing for moves to memory safe languages. How viable is rewriting compared to mitigating?
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/254.html
[00:00:00] Introduction
[00:01:12] Clarifying Scope & Short/Long Term
[00:04:28] Mitigations
[00:15:37] Safe Languages Are Falliable
[00:21:20] Weaknesses & Evolution of Mitigations
[00:29:19] Rewriting and the Iterative Process
[00:34:55] The Rewriting Scalability Argument
[00:41:43] System vs App Bugs
[00:48:46] Mitigations & Rewriting Are Not Mutually Exclusive
[00:50:25] Corporate vs Open Source
[00:54:12] Generational Change
[00:56:18] Conclusion
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
