Do You Speak My Language? Make Static Analysis Engines Understand Each Other

Explore a groundbreaking framework for exchanging taint information between multiple static analysis systems, enabling cross-language and cross-repo taint-flow analysis. Discover how this innovative approach has been implemented at Facebook to detect critical security vulnerabilities across diverse codebases. Learn about real-world examples where data flow traverses multiple programming languages, and gain insights into the practical applications of this technology for enhancing cybersecurity measures. This 38-minute Black Hat conference talk, presented by Ibrahim Elsayed and Manuel Fahndrich, offers a deep dive into advanced static analysis techniques and their potential to revolutionize vulnerability detection in complex software ecosystems.