@tek Oh hey, it's yet more of those "writing this in a #MemorySafe language would've prevented the whole problem" #vulnerabilities, alongside a validation one (insufficient detail to say if better type/dynamic tooling would've helped).
"Improved memory-handling" should be code for "we rewrote it in #CommonLisp, as it should've been from the beginning".
*ANNOUNCEMENT* Internet Security Research Group (ISRG) has officially made us the new home of "ntpd-rs", the #opensource #memorysafe implementation of the Network Time Protocol.
We are proud to be the new long-term maintainers, and as such are looking for early adopters.
Thanks to Josh Aas and Prossimo for their trust and support!
https://tweedegolf.nl/en/blog/90/memory-safe-network-time-ntp-has-new-home-seeks-early-adopters
I'd like it if it were more common to make software purely in #MemorySafe #managed languages like #Java and #CommonLisp instead of resorting to #C libraries for hot paths.
Yes, there may be some performance or optimization cost (and even then, you can go quite far, at least with Common Lisp if you're willing to), but I really feel that it'd be worthwhile to avoid just getting some completely avoidable vulnerabilities retroactively destroying any semblance of safety.
"Stroustrup views security as a broader concept, the various facets of which can be achieved through a combination of coding style, libraries, and static analyzers. To control the inclusion of rules that guarantee the safety of working with types and resources, he proposes to use code annotations and compiler options."
The creator of the C++ language criticized an NSA report on secure programming languages | linux addicts
https://www.linuxadictos.com/en/the-creator-of-the-c-language-criticized-an-nsa-report-on-safe-programming-languages.html