Memory Corruption: Best Tackled with Mitigations or Safe-Languages

Memory corruption is a difficult problem to solve, but many such as CISA are pushing for moves to memory safe languages. How viable is rewriting compared to mitigating? Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/254.html [00:00:00] Introduction [00:01:12] Clarifying Scope & Short/Long Term [00:04:28] Mitigations [00:15:37] Safe Languages Are Falliable [00:21:20] Weaknesses & Evolution of Mitigations [00:29:19] Rewriting and the Iterative Process [00:34:55] The Rewriting Scalability Argument [00:41:43] System vs App Bugs [00:48:46] Mitigations & Rewriting Are Not Mutually Exclusive [00:50:25] Corporate vs Open Source [00:54:12] Generational Change [00:56:18] Conclusion Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9