Memory Access Boundary Checking| Lei Mao's Log Book
This is not a formal proposal. It’s just my take on what a working proposal would generally look like. In particular there are real proposals that look a lot like this (and I think they get some of the details wrong but that’s beside the point). If you want a serious takedown of the most […]| Abandonculture
FOSDEM 2025, one of the largest open-source software conferences in the world, took place in Brussels, Belgium in February this year. The Good Penguin attended and in this blog post we will share some of our highlights. Exploring Open Source Dual A/B Update Solutions for Embedded Linux – Leon Anavi At The Good Penguin we …| www.thegoodpenguin.co.uk
In our team's latest blog post, we build a few examples that showcase ways in which memory corruption vulnerabilities could manifest in Delphi code despite being included in a list of "memory safe" languages within a paper published by the NSA. We cover how compiler flags and dangerous system library routines could affect memory safety while demonstrating Delphi stack/heap-based overflow examples and conclude with a few tips for developers to avoid introducing memory vulnerabilities in their ...| Include Security Research Blog
In an article in the February, 2025 issue of Communications of the ACM, I join 20 coauthors from across academia and industry in writing about the remarkable opportunity for universal strong memory safety in low-level Trusted Computing Bases (TCBs) enabled by recent advances in type- and memory-safe systems programming languages (e.g., the Rust language), hardware memory protection (e.g., our work on CHERI), formal methods, and software compartmentalisation. These technologies are seeing incr...| Light Blue Touchpaper
While we at Silent Signal are strong believers in human creativity when it comes to finding new, or unusual vulnerabilities, we’re also constantly looking for ways to transform our experience into automated tools that can reliably and efficiently detect already known bug classes. The discovery of CVE-2019-6976 – an uninitialized memory disclosure bug in a widely used imaging library – was a particularly interesting finding to me, as it represented a lesser known class of issues in the i...| Silent Signal Techblog