[HN Gopher] Compilers: The Old New Security Frontier [pdf] ___________________________________________________________________ Compilers: The Old New Security Frontier [pdf] Author : zdw Score : 43 points Date : 2022-03-17 19:04 UTC (2 days ago) (HTM) web link (grsecurity.net) (TXT) w3m dump (grsecurity.net) | duped wrote: | Is there a talk that goes along with the slides? | WalterBright wrote: | Yes, the slides are clearly meant to be a supplement to the | talk, and don't stand on their own. | monocasa wrote: | It was at BlueHat a couple weeks ago. The talk will probably | show up on youtube in a month or two like has happened for | previous BlueHats. | Veserv wrote: | The problem with these sorts of mitigations is that they take | programs that are insecure by design on systems never intended to | be secure and attempt to automagically retrofit security onto | them. This has improved the prevailing security in many of these | low security designs from laughably easy to requiring actual | professional efforts by singular individuals, but are still, | conservatively speaking, 100x worse than actual high security | systems designed, proven, and verified to protect against high | attack potential threat actors such as state actors and | international organized crime who have teams of hundreds instead | of being limited to small scale individual operations. | | The real frontier for high security has been and continues to be | adopting and then streamlining the implementation of the | methodologies in use for decades demonstrated to be 100x better | than the last 20 years of mitigations combined. | bigcat123 wrote: ___________________________________________________________________ (page generated 2022-03-19 23:00 UTC)