Comment by mgaunard 3 days ago I don't think 70% of bugs are memory safety issues.In my experience it's closer to 5%. 13 comments mgaunard Reply cogman10 3 days ago I believe this is where that fact comes from [1]Basically, 70% of high severity bugs are memory safety.[1] https://www.chromium.org/Home/chromium-security/memory-safet... saagarjha 3 days ago High severity security issues. mgaunard 3 days ago Right, which is a measure which is heavily biased towards memory safety bugs. IshKebab 3 days ago 70% of security vulnerabilities are due to memory safety. Not all bugs. stonemetal12 3 days ago Using the data provided, memory safety issues (use-after-free, memory-leak, buffer-overflow, null-deref) account for 67% of their bugs. If we include refcount It is just over 80%. tester756 3 days ago That's the figure that Microsoft and Google found in their code bases. redeeman 3 days ago probably quite a bit less than 5%, however, they tend to be quite serious when they happen mgaunard 3 days ago Only serious if you care about protecting from malicious actors running code on the same host. redeeman 3 days ago you dont? I would imagine people that runs for example a browser would have quite an interest in that 3 replies → nibman 3 days ago [dead]
cogman10 3 days ago I believe this is where that fact comes from [1]Basically, 70% of high severity bugs are memory safety.[1] https://www.chromium.org/Home/chromium-security/memory-safet... saagarjha 3 days ago High severity security issues. mgaunard 3 days ago Right, which is a measure which is heavily biased towards memory safety bugs.
stonemetal12 3 days ago Using the data provided, memory safety issues (use-after-free, memory-leak, buffer-overflow, null-deref) account for 67% of their bugs. If we include refcount It is just over 80%.
redeeman 3 days ago probably quite a bit less than 5%, however, they tend to be quite serious when they happen mgaunard 3 days ago Only serious if you care about protecting from malicious actors running code on the same host. redeeman 3 days ago you dont? I would imagine people that runs for example a browser would have quite an interest in that 3 replies →
mgaunard 3 days ago Only serious if you care about protecting from malicious actors running code on the same host. redeeman 3 days ago you dont? I would imagine people that runs for example a browser would have quite an interest in that 3 replies →
redeeman 3 days ago you dont? I would imagine people that runs for example a browser would have quite an interest in that 3 replies →
I believe this is where that fact comes from [1]
Basically, 70% of high severity bugs are memory safety.
[1] https://www.chromium.org/Home/chromium-security/memory-safet...
High severity security issues.
Right, which is a measure which is heavily biased towards memory safety bugs.
70% of security vulnerabilities are due to memory safety. Not all bugs.
Using the data provided, memory safety issues (use-after-free, memory-leak, buffer-overflow, null-deref) account for 67% of their bugs. If we include refcount It is just over 80%.
That's the figure that Microsoft and Google found in their code bases.
probably quite a bit less than 5%, however, they tend to be quite serious when they happen
Only serious if you care about protecting from malicious actors running code on the same host.
you dont? I would imagine people that runs for example a browser would have quite an interest in that
3 replies →
[dead]