[HN Gopher] Compilers: The Old New Security Frontier [pdf]
___________________________________________________________________
Compilers: The Old New Security Frontier [pdf]
Author : zdw
Score : 43 points
Date : 2022-03-17 19:04 UTC (2 days ago)
(HTM) web link (grsecurity.net)
(TXT) w3m dump (grsecurity.net)
| duped wrote:
| Is there a talk that goes along with the slides?
| WalterBright wrote:
| Yes, the slides are clearly meant to be a supplement to the
| talk, and don't stand on their own.
| monocasa wrote:
| It was at BlueHat a couple weeks ago. The talk will probably
| show up on youtube in a month or two like has happened for
| previous BlueHats.
| Veserv wrote:
| The problem with these sorts of mitigations is that they take
| programs that are insecure by design on systems never intended to
| be secure and attempt to automagically retrofit security onto
| them. This has improved the prevailing security in many of these
| low security designs from laughably easy to requiring actual
| professional efforts by singular individuals, but are still,
| conservatively speaking, 100x worse than actual high security
| systems designed, proven, and verified to protect against high
| attack potential threat actors such as state actors and
| international organized crime who have teams of hundreds instead
| of being limited to small scale individual operations.
|
| The real frontier for high security has been and continues to be
| adopting and then streamlining the implementation of the
| methodologies in use for decades demonstrated to be 100x better
| than the last 20 years of mitigations combined.
| bigcat123 wrote:
___________________________________________________________________
(page generated 2022-03-19 23:00 UTC)