Overview
Explore a comprehensive analysis of memory unsafety in the C and C++ programming languages and its impact on software vulnerabilities in this 21-minute conference talk from USENIX Enigma 2021. Delve into empirical data quantifying the prevalence of memory-unsafety-induced vulnerabilities across major projects, and examine the effectiveness of various tactics in persuading developers to reconsider using these languages. Learn about the five stages of grief as they relate to developers' responses to memory unsafety issues, and gain insights into potential solutions, including incremental migrations and alternative approaches to secure development. Discover why C and C++ may no longer be suitable for modern secure development, and understand the call to action for addressing these critical security concerns in software engineering.
Syllabus
Intro
Account takeover prevention rates, by challenge type
Properties of memory unsafety
Languages
Case studies
Denial: Data
Anger symptoms
Anger: Complex systems
Bargaining symptoms
Bargaining: Response
Depression: Work smarter, not harder
A call to action
Proof that incremental migrations are
Taught by
USENIX Enigma Conference